diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json index 1e233e79f..05f6854ca 100644 --- a/samtranslator/schema/schema.json +++ b/samtranslator/schema/schema.json @@ -30021,7 +30021,7 @@ "type": "string" }, "ImageId": { - "markdownDescription": "The identifier for the Amazon Machine Image (AMI) that's used to create the EC2 instance. To choose an AMI for the instance, you must specify a valid AMI alias or a valid AWS Systems Manager path.\n\nFrom November 20, 2023, you will be required to include the `imageId` parameter for the `CreateEnvironmentEC2` action. This change will be reflected across all direct methods of communicating with the API, such as AWS SDK, AWS CLI and AWS CloudFormation. This change will only affect direct API consumers, and not AWS Cloud9 console users.\n\nFrom January 22, 2024, Amazon Linux (AL1) will be removed from the list of available image IDs for Cloud9. This is necessary as AL1 will reach the end of maintenance support in December 2023, and as a result will no longer receive security updates. We recommend using Amazon Linux 2 as the new AMI to create your environment as it is fully supported. This change will only affect direct API consumers, and not AWS Cloud9 console users.\n\nSince Ubuntu 18.04 has ended standard support as of May 31, 2023, we recommend you choose Ubuntu 22.04.\n\n*AMI aliases*\n\n- *Amazon Linux (default): `amazonlinux-1-x86_64`*\n- Amazon Linux 2: `amazonlinux-2-x86_64`\n- Ubuntu 18.04: `ubuntu-18.04-x86_64`\n- Ubuntu 22.04: `ubuntu-22.04-x86_64`\n\n*SSM paths*\n\n- *Amazon Linux (default): `resolve:ssm:/aws/service/cloud9/amis/amazonlinux-1-x86_64`*\n- Amazon Linux 2: `resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64`\n- Ubuntu 18.04: `resolve:ssm:/aws/service/cloud9/amis/ubuntu-18.04-x86_64`\n- Ubuntu 22.04: `resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64`", + "markdownDescription": "The identifier for the Amazon Machine Image (AMI) that's used to create the EC2 instance. To choose an AMI for the instance, you must specify a valid AMI alias or a valid AWS Systems Manager path.\n\nFrom November 20, 2023, you will be required to include the `imageId` parameter for the `CreateEnvironmentEC2` action. This change will be reflected across all direct methods of communicating with the API, such as AWS SDK, AWS CLI and AWS CloudFormation. This change will only affect direct API consumers, and not AWS Cloud9 console users.\n\nFrom January 22, 2024, Amazon Linux (AL1) will be removed from the list of available image IDs for Cloud9. This is necessary as AL1 will reach the end of maintenance support in December 2023, and as a result will no longer receive security updates. We recommend using Amazon Linux 2 as the new AMI to create your environment as it is fully supported. This change will only affect direct API consumers, and not AWS Cloud9 console users.\n\nSince Ubuntu 18.04 has ended standard support as of May 31, 2023, we recommend you choose Ubuntu 22.04.\n\n*AMI aliases*\n\n- Amazon Linux: `amazonlinux-1-x86_64`\n- Amazon Linux 2: `amazonlinux-2-x86_64`\n- Ubuntu 18.04: `ubuntu-18.04-x86_64`\n- Ubuntu 22.04: `ubuntu-22.04-x86_64`\n\n*SSM paths*\n\n- Amazon Linux: `resolve:ssm:/aws/service/cloud9/amis/amazonlinux-1-x86_64`\n- Amazon Linux 2: `resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64`\n- Ubuntu 18.04: `resolve:ssm:/aws/service/cloud9/amis/ubuntu-18.04-x86_64`\n- Ubuntu 22.04: `resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64`", "title": "ImageId", "type": "string" }, @@ -34929,7 +34929,7 @@ "type": "array" }, "Field": { - "markdownDescription": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set to `NotEquals` `kms.amazonaws.com` or `NotEquals` `rdsdata.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For CloudTrail Insights event records, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Customization` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::customization/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Profile` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::profile/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::KinesisVideo::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kinesisvideo:::stream/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Network` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::networks/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::MedicalImaging::Datastore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::medical-imaging:::datastore/`\n\nWhen `resources.type` equals `AWS::PCAConnectorAD::Connector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::pca-connector-ad:::connector/`\n\nWhen `resources.type` equals `AWS::SageMaker::Endpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::endpoint/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::SNS::PlatformEndpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::endpoint///`\n\nWhen `resources.type` equals `AWS::SNS::Topic` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`\n\nWhen `resources.type` equals `AWS::SSMMessages::ControlChannel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ssmmessages:::control-channel/`\n\nWhen `resources.type` equals `AWS::Timestream::Database` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database/`\n\nWhen `resources.type` equals `AWS::Timestream::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database//table/`\n\nWhen resources.type equals `AWS::VerifiedPermissions::PolicyStore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::verifiedpermissions:::policy-store/`", + "markdownDescription": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set to `NotEquals` `kms.amazonaws.com` or `NotEquals` `rdsdata.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For CloudTrail Insights event records, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::ServiceDiscovery::Namespace`\n- `AWS::ServiceDiscovery::Service`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::SQS::Queue`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Customization` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::customization/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Profile` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::profile/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::KinesisVideo::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kinesisvideo:::stream/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Network` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::networks/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::MedicalImaging::Datastore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::medical-imaging:::datastore/`\n\nWhen `resources.type` equals `AWS::PCAConnectorAD::Connector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::pca-connector-ad:::connector/`\n\nWhen `resources.type` equals `AWS::SageMaker::Endpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::endpoint/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::ServiceDiscovery::Namespace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::servicediscovery:::namespace/`\n\nWhen `resources.type` equals `AWS::ServiceDiscovery::Service` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::servicediscovery:::service/`\n\nWhen `resources.type` equals `AWS::SNS::PlatformEndpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::endpoint///`\n\nWhen `resources.type` equals `AWS::SNS::Topic` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::`\n\nWhen `resources.type` equals `AWS::SQS::Queue` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sqs:::`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`\n\nWhen `resources.type` equals `AWS::SSMMessages::ControlChannel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ssmmessages:::control-channel/`\n\nWhen `resources.type` equals `AWS::Timestream::Database` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database/`\n\nWhen `resources.type` equals `AWS::Timestream::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database//table/`\n\nWhen resources.type equals `AWS::VerifiedPermissions::PolicyStore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::verifiedpermissions:::policy-store/`", "title": "Field", "type": "string" }, @@ -35241,7 +35241,7 @@ "type": "array" }, "Field": { - "markdownDescription": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set to `NotEquals` `kms.amazonaws.com` or `NotEquals` `rdsdata.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For CloudTrail Insights event records, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Customization` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::customization/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Profile` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::profile/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::KinesisVideo::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kinesisvideo:::stream/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Network` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::networks/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::MedicalImaging::Datastore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::medical-imaging:::datastore/`\n\nWhen `resources.type` equals `AWS::PCAConnectorAD::Connector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::pca-connector-ad:::connector/`\n\nWhen `resources.type` equals `AWS::SageMaker::Endpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::endpoint/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::SNS::PlatformEndpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::endpoint///`\n\nWhen `resources.type` equals `AWS::SNS::Topic` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`\n\nWhen `resources.type` equals `AWS::SSMMessages::ControlChannel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ssmmessages:::control-channel/`\n\nWhen `resources.type` equals `AWS::Timestream::Database` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database/`\n\nWhen `resources.type` equals `AWS::Timestream::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database//table/`\n\nWhen resources.type equals `AWS::VerifiedPermissions::PolicyStore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::verifiedpermissions:::policy-store/`", + "markdownDescription": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set to `NotEquals` `kms.amazonaws.com` or `NotEquals` `rdsdata.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For CloudTrail Insights event records, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::ServiceDiscovery::Namespace`\n- `AWS::ServiceDiscovery::Service`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::SQS::Queue`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Customization` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::customization/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Profile` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::profile/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::KinesisVideo::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kinesisvideo:::stream/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Network` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::networks/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::MedicalImaging::Datastore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::medical-imaging:::datastore/`\n\nWhen `resources.type` equals `AWS::PCAConnectorAD::Connector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::pca-connector-ad:::connector/`\n\nWhen `resources.type` equals `AWS::SageMaker::Endpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::endpoint/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::ServiceDiscovery::Namespace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::servicediscovery:::namespace/`\n\nWhen `resources.type` equals `AWS::ServiceDiscovery::Service` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::servicediscovery:::service/`\n\nWhen `resources.type` equals `AWS::SNS::PlatformEndpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::endpoint///`\n\nWhen `resources.type` equals `AWS::SNS::Topic` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::`\n\nWhen `resources.type` equals `AWS::SQS::Queue` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sqs:::`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`\n\nWhen `resources.type` equals `AWS::SSMMessages::ControlChannel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ssmmessages:::control-channel/`\n\nWhen `resources.type` equals `AWS::Timestream::Database` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database/`\n\nWhen `resources.type` equals `AWS::Timestream::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database//table/`\n\nWhen resources.type equals `AWS::VerifiedPermissions::PolicyStore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::verifiedpermissions:::policy-store/`", "title": "Field", "type": "string" }, @@ -35287,7 +35287,7 @@ "additionalProperties": false, "properties": { "Type": { - "markdownDescription": "The resource type in which you want to log data events. You can specify the following *basic* event selector resource types:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n\nThe following resource types are also available through *advanced* event selectors. Basic event selector resource types are valid in advanced event selectors, but advanced event selector resource types are not valid in basic event selectors. For more information, see [AdvancedFieldSelector](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html) .\n\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`", + "markdownDescription": "The resource type in which you want to log data events. You can specify the following *basic* event selector resource types:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n\nThe following resource types are also available through *advanced* event selectors. Basic event selector resource types are valid in advanced event selectors, but advanced event selector resource types are not valid in basic event selectors. For more information, see [AdvancedFieldSelector](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html) .\n\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::ServiceDiscovery::Namespace`\n- `AWS::ServiceDiscovery::Service`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::SQS::Queue`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`", "title": "Type", "type": "string" }, @@ -49629,7 +49629,7 @@ }, "PolicyDetails": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.PolicyDetails", - "markdownDescription": "The configuration details of the lifecycle policy.", + "markdownDescription": "The configuration details of the lifecycle policy.\n\n> If you create a default policy, you can specify the request parameters either in the request body, or in the PolicyDetails request structure, but not both.", "title": "PolicyDetails" }, "State": { @@ -49738,7 +49738,7 @@ "type": "string" }, "Location": { - "markdownDescription": "*[Snapshot policies only]* Specifies the destination for snapshots created by the policy. To create snapshots in the same Region as the source resource, specify `CLOUD` . To create snapshots on the same Outpost as the source resource, specify `OUTPOST_LOCAL` . If you omit this parameter, `CLOUD` is used by default.\n\nIf the policy targets resources in an AWS Region , then you must create snapshots in the same Region as the source resource. If the policy targets resources on an Outpost, then you can create snapshots on the same Outpost as the source resource, or in the Region of that Outpost.", + "markdownDescription": "*[Custom snapshot policies only]* Specifies the destination for snapshots created by the policy. To create snapshots in the same Region as the source resource, specify `CLOUD` . To create snapshots on the same Outpost as the source resource, specify `OUTPOST_LOCAL` . If you omit this parameter, `CLOUD` is used by default.\n\nIf the policy targets resources in an AWS Region , then you must create snapshots in the same Region as the source resource. If the policy targets resources on an Outpost, then you can create snapshots on the same Outpost as the source resource, or in the Region of that Outpost.", "title": "Location", "type": "string" }, @@ -49746,7 +49746,7 @@ "items": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.Script" }, - "markdownDescription": "*[Snapshot policies that target instances only]* Specifies pre and/or post scripts for a snapshot lifecycle policy that targets instances. This is useful for creating application-consistent snapshots, or for performing specific administrative tasks before or after Amazon Data Lifecycle Manager initiates snapshot creation.\n\nFor more information, see [Automating application-consistent snapshots with pre and post scripts](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/automate-app-consistent-backups.html) .", + "markdownDescription": "*[Custom snapshot policies that target instances only]* Specifies pre and/or post scripts for a snapshot lifecycle policy that targets instances. This is useful for creating application-consistent snapshots, or for performing specific administrative tasks before or after Amazon Data Lifecycle Manager initiates snapshot creation.\n\nFor more information, see [Automating application-consistent snapshots with pre and post scripts](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/automate-app-consistent-backups.html) .", "title": "Scripts", "type": "array" }, @@ -49841,7 +49841,7 @@ }, "DeprecateRule": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.CrossRegionCopyDeprecateRule", - "markdownDescription": "*[AMI policies only]* The AMI deprecation rule for cross-Region AMI copies created by the rule.", + "markdownDescription": "*[Custom AMI policies only]* The AMI deprecation rule for cross-Region AMI copies created by the rule.", "title": "DeprecateRule" }, "Encrypted": { @@ -49855,12 +49855,12 @@ "title": "RetainRule" }, "Target": { - "markdownDescription": "> Use this parameter for snapshot policies only. For AMI policies, use *TargetRegion* instead. \n\n*[Snapshot policies only]* The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.", + "markdownDescription": "> Use this parameter for snapshot policies only. For AMI policies, use *TargetRegion* instead. \n\n*[Custom snapshot policies only]* The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.", "title": "Target", "type": "string" }, "TargetRegion": { - "markdownDescription": "> Use this parameter for AMI policies only. For snapshot policies, use *Target* instead. For snapshot policies created before the *Target* parameter was introduced, this parameter indicates the target Region for snapshot copies. \n\n*[AMI policies only]* The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.", + "markdownDescription": "> Use this parameter for AMI policies only. For snapshot policies, use *Target* instead. For snapshot policies created before the *Target* parameter was introduced, this parameter indicates the target Region for snapshot copies. \n\n*[Custom AMI policies only]* The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.", "title": "TargetRegion", "type": "string" } @@ -49990,7 +49990,7 @@ "additionalProperties": false, "properties": { "ExcludeBootVolume": { - "markdownDescription": "*[Snapshot policies that target instances only]* Indicates whether to exclude the root volume from multi-volume snapshot sets. The default is `false` . If you specify `true` , then the root volumes attached to targeted instances will be excluded from the multi-volume snapshot sets created by the policy.", + "markdownDescription": "*[Custom snapshot policies that target instances only]* Indicates whether to exclude the root volume from multi-volume snapshot sets. The default is `false` . If you specify `true` , then the root volumes attached to targeted instances will be excluded from the multi-volume snapshot sets created by the policy.", "title": "ExcludeBootVolume", "type": "boolean" }, @@ -49998,12 +49998,12 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "*[Snapshot policies that target instances only]* The tags used to identify data (non-root) volumes to exclude from multi-volume snapshot sets.\n\nIf you create a snapshot lifecycle policy that targets instances and you specify tags for this parameter, then data volumes with the specified tags that are attached to targeted instances will be excluded from the multi-volume snapshot sets created by the policy.", + "markdownDescription": "*[Custom snapshot policies that target instances only]* The tags used to identify data (non-root) volumes to exclude from multi-volume snapshot sets.\n\nIf you create a snapshot lifecycle policy that targets instances and you specify tags for this parameter, then data volumes with the specified tags that are attached to targeted instances will be excluded from the multi-volume snapshot sets created by the policy.", "title": "ExcludeDataVolumeTags", "type": "array" }, "NoReboot": { - "markdownDescription": "*[AMI policies only]* Indicates whether targeted instances are rebooted when the lifecycle policy runs. `true` indicates that targeted instances are not rebooted when the policy runs. `false` indicates that target instances are rebooted when the policy runs. The default is `true` (instances are not rebooted).", + "markdownDescription": "*[Custom AMI policies only]* Indicates whether targeted instances are rebooted when the lifecycle policy runs. `true` indicates that targeted instances are not rebooted when the policy runs. `false` indicates that target instances are rebooted when the policy runs. The default is `true` (instances are not rebooted).", "title": "NoReboot", "type": "boolean" } @@ -50028,11 +50028,11 @@ }, "Parameters": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.Parameters", - "markdownDescription": "*[Snapshot and AMI policies only]* A set of optional parameters for snapshot and AMI lifecycle policies.\n\n> If you are modifying a policy that was created or previously modified using the Amazon Data Lifecycle Manager console, then you must include this parameter and specify either the default values or the new values that you require. You can't omit this parameter or set its values to null.", + "markdownDescription": "*[Custom snapshot and AMI policies only]* A set of optional parameters for snapshot and AMI lifecycle policies.\n\n> If you are modifying a policy that was created or previously modified using the Amazon Data Lifecycle Manager console, then you must include this parameter and specify either the default values or the new values that you require. You can't omit this parameter or set its values to null.", "title": "Parameters" }, "PolicyType": { - "markdownDescription": "*[All policy types]* The valid target resource types and actions a policy can manage. Specify `EBS_SNAPSHOT_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of Amazon EBS snapshots. Specify `IMAGE_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of EBS-backed AMIs. Specify `EVENT_BASED_POLICY` to create an event-based policy that performs specific actions when a defined event occurs in your AWS account .\n\nThe default is `EBS_SNAPSHOT_MANAGEMENT` .", + "markdownDescription": "*[Custom policies only]* The valid target resource types and actions a policy can manage. Specify `EBS_SNAPSHOT_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of Amazon EBS snapshots. Specify `IMAGE_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of EBS-backed AMIs. Specify `EVENT_BASED_POLICY` to create an event-based policy that performs specific actions when a defined event occurs in your AWS account .\n\nThe default is `EBS_SNAPSHOT_MANAGEMENT` .", "title": "PolicyType", "type": "string" }, @@ -50040,7 +50040,7 @@ "items": { "type": "string" }, - "markdownDescription": "*[Snapshot and AMI policies only]* The location of the resources to backup. If the source resources are located in an AWS Region , specify `CLOUD` . If the source resources are located on an Outpost in your account, specify `OUTPOST` .\n\nIf you specify `OUTPOST` , Amazon Data Lifecycle Manager backs up all resources of the specified type with matching target tags across all of the Outposts in your account.", + "markdownDescription": "*[Custom snapshot and AMI policies only]* The location of the resources to backup. If the source resources are located in an AWS Region , specify `CLOUD` . If the source resources are located on an Outpost in your account, specify `OUTPOST` .\n\nIf you specify `OUTPOST` , Amazon Data Lifecycle Manager backs up all resources of the specified type with matching target tags across all of the Outposts in your account.", "title": "ResourceLocations", "type": "array" }, @@ -50048,7 +50048,7 @@ "items": { "type": "string" }, - "markdownDescription": "*[Snapshot policies only]* The target resource type for snapshot and AMI lifecycle policies. Use `VOLUME` to create snapshots of individual volumes or use `INSTANCE` to create multi-volume snapshots from the volumes for an instance.", + "markdownDescription": "*[Custom snapshot policies only]* The target resource type for snapshot and AMI lifecycle policies. Use `VOLUME` to create snapshots of individual volumes or use `INSTANCE` to create multi-volume snapshots from the volumes for an instance.", "title": "ResourceTypes", "type": "array" }, @@ -50056,7 +50056,7 @@ "items": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.Schedule" }, - "markdownDescription": "*[Snapshot and AMI policies only]* The schedules of policy-defined actions for snapshot and AMI lifecycle policies. A policy can have up to four schedules\u2014one mandatory schedule and up to three optional schedules.", + "markdownDescription": "*[Custom snapshot and AMI policies only]* The schedules of policy-defined actions for snapshot and AMI lifecycle policies. A policy can have up to four schedules\u2014one mandatory schedule and up to three optional schedules.", "title": "Schedules", "type": "array" }, @@ -50064,7 +50064,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "*[Snapshot and AMI policies only]* The single tag that identifies targeted resources for this policy.", + "markdownDescription": "*[Custom snapshot and AMI policies only]* The single tag that identifies targeted resources for this policy.", "title": "TargetTags", "type": "array" } @@ -50118,7 +50118,7 @@ "properties": { "ArchiveRule": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.ArchiveRule", - "markdownDescription": "*[Snapshot policies that target volumes only]* The snapshot archiving rule for the schedule. When you specify an archiving rule, snapshots are automatically moved from the standard tier to the archive tier once the schedule's retention threshold is met. Snapshots are then retained in the archive tier for the archive retention period that you specify.\n\nFor more information about using snapshot archiving, see [Considerations for snapshot lifecycle policies](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-ami-policy.html#dlm-archive) .", + "markdownDescription": "*[Custom snapshot policies that target volumes only]* The snapshot archiving rule for the schedule. When you specify an archiving rule, snapshots are automatically moved from the standard tier to the archive tier once the schedule's retention threshold is met. Snapshots are then retained in the archive tier for the archive retention period that you specify.\n\nFor more information about using snapshot archiving, see [Considerations for snapshot lifecycle policies](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-ami-policy.html#dlm-archive) .", "title": "ArchiveRule" }, "CopyTags": { @@ -50141,12 +50141,12 @@ }, "DeprecateRule": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.DeprecateRule", - "markdownDescription": "*[AMI policies only]* The AMI deprecation rule for the schedule.", + "markdownDescription": "*[Custom AMI policies only]* The AMI deprecation rule for the schedule.", "title": "DeprecateRule" }, "FastRestoreRule": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.FastRestoreRule", - "markdownDescription": "*[Snapshot policies only]* The rule for enabling fast snapshot restore.", + "markdownDescription": "*[Custom snapshot policies only]* The rule for enabling fast snapshot restore.", "title": "FastRestoreRule" }, "Name": { @@ -50163,7 +50163,7 @@ "items": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.ShareRule" }, - "markdownDescription": "*[Snapshot policies only]* The rule for sharing snapshots with other AWS accounts .", + "markdownDescription": "*[Custom snapshot policies only]* The rule for sharing snapshots with other AWS accounts .", "title": "ShareRules", "type": "array" }, @@ -68995,7 +68995,7 @@ "additionalProperties": false, "properties": { "Ipv6CidrBlock": { - "markdownDescription": "The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.\n\nThis parameter is required for an IPv6 only subnet.", + "markdownDescription": "The IPv6 network range for the subnet, in CIDR notation. This parameter is required for an IPv6 only subnet.", "title": "Ipv6CidrBlock", "type": "string" }, @@ -70934,7 +70934,7 @@ "additionalProperties": false, "properties": { "AmazonProvidedIpv6CidrBlock": { - "markdownDescription": "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses, or the size of the CIDR block.", + "markdownDescription": "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses or the size of the CIDR block.", "title": "AmazonProvidedIpv6CidrBlock", "type": "boolean" }, @@ -106957,7 +106957,7 @@ "properties": { "S3Config": { "$ref": "#/definitions/AWS::InternetMonitor::Monitor.S3Config", - "markdownDescription": "The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3.", + "markdownDescription": "The configuration information for publishing Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs.", "title": "S3Config" } }, @@ -106988,17 +106988,17 @@ "additionalProperties": false, "properties": { "BucketName": { - "markdownDescription": "The Amazon S3 bucket name for internet measurements publishing.", + "markdownDescription": "The Amazon S3 bucket name.", "title": "BucketName", "type": "string" }, "BucketPrefix": { - "markdownDescription": "An optional Amazon S3 bucket prefix for internet measurements publishing.", + "markdownDescription": "The Amazon S3 bucket prefix.", "title": "BucketPrefix", "type": "string" }, "LogDeliveryStatus": { - "markdownDescription": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket. The delivery status is `ENABLED` if you choose to deliver internet measurements to an S3 bucket, and `DISABLED` otherwise.", + "markdownDescription": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket.", "title": "LogDeliveryStatus", "type": "string" } @@ -128634,7 +128634,7 @@ "additionalProperties": false, "properties": { "Destination": { - "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.", + "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination.\n\nTo retain records of failed invocations from [Kinesis and DynamoDB event sources](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#event-source-mapping-destinations) , you can configure an Amazon SNS topic or Amazon SQS queue as the destination.\n\nTo retain records of failed invocations from [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic or Amazon SQS queue as the destination.", "title": "Destination", "type": "string" } @@ -128724,7 +128724,7 @@ "type": "boolean" }, "EventSourceArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the event source.\n\n- *Amazon Kinesis* \u2013 The ARN of the data stream or a stream consumer.\n- *Amazon DynamoDB Streams* \u2013 The ARN of the stream.\n- *Amazon Simple Queue Service* \u2013 The ARN of the queue.\n- *Amazon Managed Streaming for Apache Kafka* \u2013 The ARN of the cluster.\n- *Amazon MQ* \u2013 The ARN of the broker.\n- *Amazon DocumentDB* \u2013 The ARN of the DocumentDB change stream.", + "markdownDescription": "The Amazon Resource Name (ARN) of the event source.\n\n- *Amazon Kinesis* \u2013 The ARN of the data stream or a stream consumer.\n- *Amazon DynamoDB Streams* \u2013 The ARN of the stream.\n- *Amazon Simple Queue Service* \u2013 The ARN of the queue.\n- *Amazon Managed Streaming for Apache Kafka* \u2013 The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc) ).\n- *Amazon MQ* \u2013 The ARN of the broker.\n- *Amazon DocumentDB* \u2013 The ARN of the DocumentDB change stream.", "title": "EventSourceArn", "type": "string" }, @@ -128933,7 +128933,7 @@ "additionalProperties": false, "properties": { "Destination": { - "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.", + "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination.\n\nTo retain records of failed invocations from [Kinesis and DynamoDB event sources](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#event-source-mapping-destinations) , you can configure an Amazon SNS topic or Amazon SQS queue as the destination.\n\nTo retain records of failed invocations from [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic or Amazon SQS queue as the destination.", "title": "Destination", "type": "string" } @@ -167765,7 +167765,7 @@ }, "Options": { "$ref": "#/definitions/AWS::QuickSight::Analysis.AssetOptions", - "markdownDescription": "", + "markdownDescription": "An array of option definitions for an analysis.", "title": "Options" }, "ParameterDeclarations": { @@ -167927,12 +167927,12 @@ "additionalProperties": false, "properties": { "Timezone": { - "markdownDescription": "", + "markdownDescription": "Determines the timezone for the analysis.", "title": "Timezone", "type": "string" }, "WeekStart": { - "markdownDescription": "", + "markdownDescription": "Determines the week start day for an analysis.", "title": "WeekStart", "type": "string" } @@ -178931,7 +178931,7 @@ "additionalProperties": false, "properties": { "Mode": { - "markdownDescription": "The mode of validation for the asset to be creaed or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors.", + "markdownDescription": "The mode of validation for the asset to be created or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors.", "title": "Mode", "type": "string" } @@ -179624,7 +179624,7 @@ }, "LinkSharingConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.LinkSharingConfiguration", - "markdownDescription": "A structure that contains the configuration of a shareable link to the dashboard.", + "markdownDescription": "A structure that contains the link sharing configurations that you want to apply overrides to.", "title": "LinkSharingConfiguration" }, "Name": { @@ -179857,12 +179857,12 @@ "additionalProperties": false, "properties": { "Timezone": { - "markdownDescription": "", + "markdownDescription": "Determines the timezone for the analysis.", "title": "Timezone", "type": "string" }, "WeekStart": { - "markdownDescription": "", + "markdownDescription": "Determines the week start day for an analysis.", "title": "WeekStart", "type": "string" } @@ -182022,7 +182022,7 @@ }, "Options": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.AssetOptions", - "markdownDescription": "", + "markdownDescription": "An array of option definitions for a dashboard.", "title": "Options" }, "ParameterDeclarations": { @@ -191228,7 +191228,7 @@ "additionalProperties": false, "properties": { "Mode": { - "markdownDescription": "The mode of validation for the asset to be creaed or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors.", + "markdownDescription": "The mode of validation for the asset to be created or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors.", "title": "Mode", "type": "string" } @@ -192696,12 +192696,12 @@ "type": "string" }, "Name": { - "markdownDescription": "A display name for the dataset.", + "markdownDescription": "The display name of the column..", "title": "Name", "type": "string" }, "Type": { - "markdownDescription": "The type.", + "markdownDescription": "The data type of the column.", "title": "Type", "type": "string" } @@ -194363,12 +194363,12 @@ "additionalProperties": false, "properties": { "Timezone": { - "markdownDescription": "", + "markdownDescription": "Determines the timezone for the analysis.", "title": "Timezone", "type": "string" }, "WeekStart": { - "markdownDescription": "", + "markdownDescription": "Determines the week start day for an analysis.", "title": "WeekStart", "type": "string" } @@ -204728,7 +204728,7 @@ }, "Options": { "$ref": "#/definitions/AWS::QuickSight::Template.AssetOptions", - "markdownDescription": "", + "markdownDescription": "An array of option definitions for a template.", "title": "Options" }, "ParameterDeclarations": { @@ -205513,7 +205513,7 @@ "additionalProperties": false, "properties": { "Mode": { - "markdownDescription": "The mode of validation for the asset to be creaed or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors.", + "markdownDescription": "The mode of validation for the asset to be created or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors.", "title": "Mode", "type": "string" } @@ -213187,7 +213187,7 @@ "additionalProperties": false, "properties": { "AppAssessmentSchedule": { - "markdownDescription": "", + "markdownDescription": "Assessment execution schedule with 'Daily' or 'Disabled' values.", "title": "AppAssessmentSchedule", "type": "string" }, @@ -213197,7 +213197,7 @@ "type": "string" }, "Description": { - "markdownDescription": "", + "markdownDescription": "Optional description for an application.", "title": "Description", "type": "string" }, @@ -213205,18 +213205,18 @@ "items": { "$ref": "#/definitions/AWS::ResilienceHub::App.EventSubscription" }, - "markdownDescription": "", + "markdownDescription": "The list of events you would like to subscribe and get notification for. Currently, AWS Resilience Hub supports notifications only for *Drift detected* and *Scheduled assessment failure* events.", "title": "EventSubscriptions", "type": "array" }, "Name": { - "markdownDescription": "", + "markdownDescription": "Name for the application.", "title": "Name", "type": "string" }, "PermissionModel": { "$ref": "#/definitions/AWS::ResilienceHub::App.PermissionModel", - "markdownDescription": "", + "markdownDescription": "Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment.", "title": "PermissionModel" }, "ResiliencyPolicyArn": { @@ -213234,7 +213234,7 @@ }, "Tags": { "additionalProperties": true, - "markdownDescription": "", + "markdownDescription": "Tags assigned to the resource. A tag is a label that you assign to an AWS resource. Each tag consists of a key/value pair.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -213276,17 +213276,17 @@ "additionalProperties": false, "properties": { "EventType": { - "markdownDescription": "", + "markdownDescription": "The type of event you would like to subscribe and get notification for. Currently, AWS Resilience Hub supports notifications only for *Drift detected* ( `DriftDetected` ) and *Scheduled assessment failure* ( `ScheduledAssessmentFailure` ) events.", "title": "EventType", "type": "string" }, "Name": { - "markdownDescription": "", + "markdownDescription": "Unique name to identify an event subscription.", "title": "Name", "type": "string" }, "SnsTopicArn": { - "markdownDescription": "", + "markdownDescription": "Amazon Resource Name (ARN) of the Amazon Simple Notification Service topic. The format for this ARN is: `arn:partition:sns:region:account:topic-name` . For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* guide.", "title": "SnsTopicArn", "type": "string" } @@ -213304,17 +213304,17 @@ "items": { "type": "string" }, - "markdownDescription": "", + "markdownDescription": "Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts. These ARNs are used for querying purposes while importing resources and assessing your application.\n\n> - These ARNs are required only when your resources are in other accounts and you have different role name in these accounts. Else, the invoker role name will be used in the other accounts.\n> - These roles must have a trust policy with `iam:AssumeRole` permission to the invoker role in the primary account.", "title": "CrossAccountRoleArns", "type": "array" }, "InvokerRoleName": { - "markdownDescription": "", + "markdownDescription": "Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment.\n\n> - You must have `iam:passRole` permission for this role while creating or updating the application.\n> - Currently, `invokerRoleName` accepts only `[A-Za-z0-9_+=,.@-]` characters.", "title": "InvokerRoleName", "type": "string" }, "Type": { - "markdownDescription": "", + "markdownDescription": "Defines how AWS Resilience Hub scans your resources. It can scan for the resources by using a pre-existing role in your AWS account, or by using the credentials of the current IAM user.", "title": "Type", "type": "string" } @@ -213328,22 +213328,22 @@ "additionalProperties": false, "properties": { "AwsAccountId": { - "markdownDescription": "", + "markdownDescription": "The AWS account that owns the physical resource.", "title": "AwsAccountId", "type": "string" }, "AwsRegion": { - "markdownDescription": "", + "markdownDescription": "The AWS Region that the physical resource is located in.", "title": "AwsRegion", "type": "string" }, "Identifier": { - "markdownDescription": "", + "markdownDescription": "Identifier of the physical resource.", "title": "Identifier", "type": "string" }, "Type": { - "markdownDescription": "", + "markdownDescription": "Specifies the type of physical resource identifier.\n\n- **Arn** - The resource identifier is an Amazon Resource Name (ARN) and it can identify the following list of resources:\n\n- `AWS::ECS::Service`\n- `AWS::EFS::FileSystem`\n- `AWS::ElasticLoadBalancingV2::LoadBalancer`\n- `AWS::Lambda::Function`\n- `AWS::SNS::Topic`\n- **Native** - The resource identifier is an AWS Resilience Hub -native identifier and it can identify the following list of resources:\n\n- `AWS::ApiGateway::RestApi`\n- `AWS::ApiGatewayV2::Api`\n- `AWS::AutoScaling::AutoScalingGroup`\n- `AWS::DocDB::DBCluster`\n- `AWS::DocDB::DBGlobalCluster`\n- `AWS::DocDB::DBInstance`\n- `AWS::DynamoDB::GlobalTable`\n- `AWS::DynamoDB::Table`\n- `AWS::EC2::EC2Fleet`\n- `AWS::EC2::Instance`\n- `AWS::EC2::NatGateway`\n- `AWS::EC2::Volume`\n- `AWS::ElasticLoadBalancing::LoadBalancer`\n- `AWS::RDS::DBCluster`\n- `AWS::RDS::DBInstance`\n- `AWS::RDS::GlobalCluster`\n- `AWS::Route53::RecordSet`\n- `AWS::S3::Bucket`\n- `AWS::SQS::Queue`", "title": "Type", "type": "string" } @@ -213358,32 +213358,32 @@ "additionalProperties": false, "properties": { "EksSourceName": { - "markdownDescription": "", + "markdownDescription": "Name of the Amazon Elastic Kubernetes Service cluster and namespace this resource belongs to.\n\n> This parameter accepts values in \"eks-cluster/namespace\" format.", "title": "EksSourceName", "type": "string" }, "LogicalStackName": { - "markdownDescription": "", + "markdownDescription": "The name of the AWS CloudFormation stack this resource is mapped to.", "title": "LogicalStackName", "type": "string" }, "MappingType": { - "markdownDescription": "", + "markdownDescription": "Specifies the type of resource mapping.\n\n- **AppRegistryApp** - The resource is mapped to another application. The name of the application is contained in the `appRegistryAppName` property.\n- **CfnStack** - The resource is mapped to a AWS CloudFormation stack. The name of the AWS CloudFormation stack is contained in the `logicalStackName` property.\n- **Resource** - The resource is mapped to another resource. The name of the resource is contained in the `resourceName` property.\n- **ResourceGroup** - The resource is mapped to AWS Resource Groups . The name of the resource group is contained in the `resourceGroupName` property.", "title": "MappingType", "type": "string" }, "PhysicalResourceId": { "$ref": "#/definitions/AWS::ResilienceHub::App.PhysicalResourceId", - "markdownDescription": "", + "markdownDescription": "Identifier of the physical resource.", "title": "PhysicalResourceId" }, "ResourceName": { - "markdownDescription": "", + "markdownDescription": "Name of the resource that the resource is mapped to.", "title": "ResourceName", "type": "string" }, "TerraformSourceName": { - "markdownDescription": "", + "markdownDescription": "The short name of the Terraform source.", "title": "TerraformSourceName", "type": "string" } @@ -213430,13 +213430,13 @@ "additionalProperties": false, "properties": { "DataLocationConstraint": { - "markdownDescription": "", + "markdownDescription": "Specifies a high-level geographical location constraint for where your resilience policy data can be stored.", "title": "DataLocationConstraint", "type": "string" }, "Policy": { "additionalProperties": false, - "markdownDescription": "", + "markdownDescription": "The resiliency policy.", "patternProperties": { "^[a-zA-Z0-9]+$": { "$ref": "#/definitions/AWS::ResilienceHub::ResiliencyPolicy.FailurePolicy" @@ -213446,18 +213446,18 @@ "type": "object" }, "PolicyDescription": { - "markdownDescription": "", + "markdownDescription": "The description for the policy.", "title": "PolicyDescription", "type": "string" }, "PolicyName": { - "markdownDescription": "", + "markdownDescription": "The name of the policy", "title": "PolicyName", "type": "string" }, "Tags": { "additionalProperties": true, - "markdownDescription": "", + "markdownDescription": "Tags assigned to the resource. A tag is a label that you assign to an AWS resource. Each tag consists of a key/value pair.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -213467,7 +213467,7 @@ "type": "object" }, "Tier": { - "markdownDescription": "", + "markdownDescription": "The tier for this resiliency policy, ranging from the highest severity ( `MissionCritical` ) to lowest ( `NonCritical` ).", "title": "Tier", "type": "string" } @@ -213504,12 +213504,12 @@ "additionalProperties": false, "properties": { "RpoInSecs": { - "markdownDescription": "", + "markdownDescription": "Recovery Point Objective (RPO) in seconds.", "title": "RpoInSecs", "type": "number" }, "RtoInSecs": { - "markdownDescription": "", + "markdownDescription": "Recovery Time Objective (RTO) in seconds.", "title": "RtoInSecs", "type": "number" } @@ -214766,12 +214766,12 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "The number of seconds vended session credentials will be valid for", + "markdownDescription": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", "title": "DurationSeconds", "type": "number" }, "Enabled": { - "markdownDescription": "The enabled status of the resource.", + "markdownDescription": "Indicates whether the profile is enabled.", "title": "Enabled", "type": "boolean" }, @@ -214779,17 +214779,17 @@ "items": { "type": "string" }, - "markdownDescription": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", + "markdownDescription": "A list of managed policy ARNs that apply to the vended session credentials.", "title": "ManagedPolicyArns", "type": "array" }, "Name": { - "markdownDescription": "The customer specified name of the resource.", + "markdownDescription": "The name of the profile.", "title": "Name", "type": "string" }, "RequireInstanceProperties": { - "markdownDescription": "Specifies whether instance properties are required in CreateSession requests with this profile.", + "markdownDescription": "Specifies whether instance properties are required in temporary credential requests with this profile.", "title": "RequireInstanceProperties", "type": "boolean" }, @@ -214797,12 +214797,12 @@ "items": { "type": "string" }, - "markdownDescription": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", + "markdownDescription": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", "title": "RoleArns", "type": "array" }, "SessionPolicy": { - "markdownDescription": "A session policy that will applied to the trust boundary of the vended session credentials.", + "markdownDescription": "A session policy that applies to the trust boundary of the vended session credentials.", "title": "SessionPolicy", "type": "string" }, @@ -214810,7 +214810,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "A list of Tags.", + "markdownDescription": "The tags to attach to the profile.", "title": "Tags", "type": "array" } @@ -214971,11 +214971,11 @@ "properties": { "SourceData": { "$ref": "#/definitions/AWS::RolesAnywhere::TrustAnchor.SourceData", - "markdownDescription": "A union object representing the data field of the TrustAnchor depending on its type", + "markdownDescription": "The data field of the trust anchor depending on its type.", "title": "SourceData" }, "SourceType": { - "markdownDescription": "The type of the TrustAnchor.", + "markdownDescription": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region.", "title": "SourceType", "type": "string" } @@ -222756,7 +222756,7 @@ "type": "string" }, "TracingConfig": { - "markdownDescription": "Tracing mode of an Amazon SNS topic. By default `TracingConfig` is set to `PassThrough` , and the topic passes through the tracing header it receives from an Amazon SNS publisher to its subscriptions. If set to `Active` , Amazon SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true. Only supported on standard topics.", + "markdownDescription": "Tracing mode of an Amazon SNS topic. By default `TracingConfig` is set to `PassThrough` , and the topic passes through the tracing header it receives from an Amazon SNS publisher to its subscriptions. If set to `Active` , Amazon SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true.", "title": "TracingConfig", "type": "string" } diff --git a/schema_source/cloudformation-docs.json b/schema_source/cloudformation-docs.json index 5e87b1a7c..33859c8cd 100644 --- a/schema_source/cloudformation-docs.json +++ b/schema_source/cloudformation-docs.json @@ -4694,7 +4694,7 @@ "AutomaticStopTimeMinutes": "The number of minutes until the running instance is shut down after the environment was last used.", "ConnectionType": "The connection type used for connecting to an Amazon EC2 environment. Valid values are `CONNECT_SSH` (default) and `CONNECT_SSM` (connected through AWS Systems Manager ).", "Description": "The description of the environment to create.", - "ImageId": "The identifier for the Amazon Machine Image (AMI) that's used to create the EC2 instance. To choose an AMI for the instance, you must specify a valid AMI alias or a valid AWS Systems Manager path.\n\nFrom November 20, 2023, you will be required to include the `imageId` parameter for the `CreateEnvironmentEC2` action. This change will be reflected across all direct methods of communicating with the API, such as AWS SDK, AWS CLI and AWS CloudFormation. This change will only affect direct API consumers, and not AWS Cloud9 console users.\n\nFrom January 22, 2024, Amazon Linux (AL1) will be removed from the list of available image IDs for Cloud9. This is necessary as AL1 will reach the end of maintenance support in December 2023, and as a result will no longer receive security updates. We recommend using Amazon Linux 2 as the new AMI to create your environment as it is fully supported. This change will only affect direct API consumers, and not AWS Cloud9 console users.\n\nSince Ubuntu 18.04 has ended standard support as of May 31, 2023, we recommend you choose Ubuntu 22.04.\n\n*AMI aliases*\n\n- *Amazon Linux (default): `amazonlinux-1-x86_64`*\n- Amazon Linux 2: `amazonlinux-2-x86_64`\n- Ubuntu 18.04: `ubuntu-18.04-x86_64`\n- Ubuntu 22.04: `ubuntu-22.04-x86_64`\n\n*SSM paths*\n\n- *Amazon Linux (default): `resolve:ssm:/aws/service/cloud9/amis/amazonlinux-1-x86_64`*\n- Amazon Linux 2: `resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64`\n- Ubuntu 18.04: `resolve:ssm:/aws/service/cloud9/amis/ubuntu-18.04-x86_64`\n- Ubuntu 22.04: `resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64`", + "ImageId": "The identifier for the Amazon Machine Image (AMI) that's used to create the EC2 instance. To choose an AMI for the instance, you must specify a valid AMI alias or a valid AWS Systems Manager path.\n\nFrom November 20, 2023, you will be required to include the `imageId` parameter for the `CreateEnvironmentEC2` action. This change will be reflected across all direct methods of communicating with the API, such as AWS SDK, AWS CLI and AWS CloudFormation. This change will only affect direct API consumers, and not AWS Cloud9 console users.\n\nFrom January 22, 2024, Amazon Linux (AL1) will be removed from the list of available image IDs for Cloud9. This is necessary as AL1 will reach the end of maintenance support in December 2023, and as a result will no longer receive security updates. We recommend using Amazon Linux 2 as the new AMI to create your environment as it is fully supported. This change will only affect direct API consumers, and not AWS Cloud9 console users.\n\nSince Ubuntu 18.04 has ended standard support as of May 31, 2023, we recommend you choose Ubuntu 22.04.\n\n*AMI aliases*\n\n- Amazon Linux: `amazonlinux-1-x86_64`\n- Amazon Linux 2: `amazonlinux-2-x86_64`\n- Ubuntu 18.04: `ubuntu-18.04-x86_64`\n- Ubuntu 22.04: `ubuntu-22.04-x86_64`\n\n*SSM paths*\n\n- Amazon Linux: `resolve:ssm:/aws/service/cloud9/amis/amazonlinux-1-x86_64`\n- Amazon Linux 2: `resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64`\n- Ubuntu 18.04: `resolve:ssm:/aws/service/cloud9/amis/ubuntu-18.04-x86_64`\n- Ubuntu 22.04: `resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64`", "InstanceType": "The type of instance to connect to the environment (for example, `t2.micro` ).", "Name": "The name of the environment.", "OwnerArn": "The Amazon Resource Name (ARN) of the environment owner. This ARN can be the ARN of any AWS Identity and Access Management principal. If this value is not specified, the ARN defaults to this environment's creator.", @@ -5376,7 +5376,7 @@ "AWS::CloudTrail::EventDataStore AdvancedFieldSelector": { "EndsWith": "An operator that includes events that match the last few characters of the event record field specified as the value of `Field` .", "Equals": "An operator that includes events that match the exact value of the event record field specified as the value of `Field` . This is the only valid operator that you can use with the `readOnly` , `eventCategory` , and `resources.type` fields.", - "Field": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set to `NotEquals` `kms.amazonaws.com` or `NotEquals` `rdsdata.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For CloudTrail Insights event records, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Customization` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::customization/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Profile` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::profile/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::KinesisVideo::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kinesisvideo:::stream/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Network` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::networks/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::MedicalImaging::Datastore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::medical-imaging:::datastore/`\n\nWhen `resources.type` equals `AWS::PCAConnectorAD::Connector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::pca-connector-ad:::connector/`\n\nWhen `resources.type` equals `AWS::SageMaker::Endpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::endpoint/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::SNS::PlatformEndpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::endpoint///`\n\nWhen `resources.type` equals `AWS::SNS::Topic` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`\n\nWhen `resources.type` equals `AWS::SSMMessages::ControlChannel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ssmmessages:::control-channel/`\n\nWhen `resources.type` equals `AWS::Timestream::Database` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database/`\n\nWhen `resources.type` equals `AWS::Timestream::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database//table/`\n\nWhen resources.type equals `AWS::VerifiedPermissions::PolicyStore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::verifiedpermissions:::policy-store/`", + "Field": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set to `NotEquals` `kms.amazonaws.com` or `NotEquals` `rdsdata.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For CloudTrail Insights event records, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::ServiceDiscovery::Namespace`\n- `AWS::ServiceDiscovery::Service`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::SQS::Queue`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Customization` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::customization/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Profile` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::profile/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::KinesisVideo::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kinesisvideo:::stream/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Network` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::networks/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::MedicalImaging::Datastore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::medical-imaging:::datastore/`\n\nWhen `resources.type` equals `AWS::PCAConnectorAD::Connector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::pca-connector-ad:::connector/`\n\nWhen `resources.type` equals `AWS::SageMaker::Endpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::endpoint/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::ServiceDiscovery::Namespace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::servicediscovery:::namespace/`\n\nWhen `resources.type` equals `AWS::ServiceDiscovery::Service` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::servicediscovery:::service/`\n\nWhen `resources.type` equals `AWS::SNS::PlatformEndpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::endpoint///`\n\nWhen `resources.type` equals `AWS::SNS::Topic` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::`\n\nWhen `resources.type` equals `AWS::SQS::Queue` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sqs:::`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`\n\nWhen `resources.type` equals `AWS::SSMMessages::ControlChannel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ssmmessages:::control-channel/`\n\nWhen `resources.type` equals `AWS::Timestream::Database` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database/`\n\nWhen `resources.type` equals `AWS::Timestream::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database//table/`\n\nWhen resources.type equals `AWS::VerifiedPermissions::PolicyStore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::verifiedpermissions:::policy-store/`", "NotEndsWith": "An operator that excludes events that match the last few characters of the event record field specified as the value of `Field` .", "NotEquals": "An operator that excludes events that match the exact value of the event record field specified as the value of `Field` .", "NotStartsWith": "An operator that excludes events that match the first few characters of the event record field specified as the value of `Field` .", @@ -5418,14 +5418,14 @@ "AWS::CloudTrail::Trail AdvancedFieldSelector": { "EndsWith": "An operator that includes events that match the last few characters of the event record field specified as the value of `Field` .", "Equals": "An operator that includes events that match the exact value of the event record field specified as the value of `Field` . This is the only valid operator that you can use with the `readOnly` , `eventCategory` , and `resources.type` fields.", - "Field": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set to `NotEquals` `kms.amazonaws.com` or `NotEquals` `rdsdata.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For CloudTrail Insights event records, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Customization` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::customization/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Profile` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::profile/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::KinesisVideo::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kinesisvideo:::stream/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Network` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::networks/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::MedicalImaging::Datastore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::medical-imaging:::datastore/`\n\nWhen `resources.type` equals `AWS::PCAConnectorAD::Connector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::pca-connector-ad:::connector/`\n\nWhen `resources.type` equals `AWS::SageMaker::Endpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::endpoint/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::SNS::PlatformEndpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::endpoint///`\n\nWhen `resources.type` equals `AWS::SNS::Topic` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`\n\nWhen `resources.type` equals `AWS::SSMMessages::ControlChannel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ssmmessages:::control-channel/`\n\nWhen `resources.type` equals `AWS::Timestream::Database` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database/`\n\nWhen `resources.type` equals `AWS::Timestream::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database//table/`\n\nWhen resources.type equals `AWS::VerifiedPermissions::PolicyStore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::verifiedpermissions:::policy-store/`", + "Field": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set to `NotEquals` `kms.amazonaws.com` or `NotEquals` `rdsdata.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For CloudTrail Insights event records, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::ServiceDiscovery::Namespace`\n- `AWS::ServiceDiscovery::Service`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::SQS::Queue`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Customization` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::customization/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Profile` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::profile/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::KinesisVideo::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kinesisvideo:::stream/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Network` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::networks/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::MedicalImaging::Datastore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::medical-imaging:::datastore/`\n\nWhen `resources.type` equals `AWS::PCAConnectorAD::Connector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::pca-connector-ad:::connector/`\n\nWhen `resources.type` equals `AWS::SageMaker::Endpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::endpoint/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::ServiceDiscovery::Namespace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::servicediscovery:::namespace/`\n\nWhen `resources.type` equals `AWS::ServiceDiscovery::Service` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::servicediscovery:::service/`\n\nWhen `resources.type` equals `AWS::SNS::PlatformEndpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::endpoint///`\n\nWhen `resources.type` equals `AWS::SNS::Topic` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::`\n\nWhen `resources.type` equals `AWS::SQS::Queue` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sqs:::`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`\n\nWhen `resources.type` equals `AWS::SSMMessages::ControlChannel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ssmmessages:::control-channel/`\n\nWhen `resources.type` equals `AWS::Timestream::Database` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database/`\n\nWhen `resources.type` equals `AWS::Timestream::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database//table/`\n\nWhen resources.type equals `AWS::VerifiedPermissions::PolicyStore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::verifiedpermissions:::policy-store/`", "NotEndsWith": "An operator that excludes events that match the last few characters of the event record field specified as the value of `Field` .", "NotEquals": "An operator that excludes events that match the exact value of the event record field specified as the value of `Field` .", "NotStartsWith": "An operator that excludes events that match the first few characters of the event record field specified as the value of `Field` .", "StartsWith": "An operator that includes events that match the first few characters of the event record field specified as the value of `Field` ." }, "AWS::CloudTrail::Trail DataResource": { - "Type": "The resource type in which you want to log data events. You can specify the following *basic* event selector resource types:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n\nThe following resource types are also available through *advanced* event selectors. Basic event selector resource types are valid in advanced event selectors, but advanced event selector resource types are not valid in basic event selectors. For more information, see [AdvancedFieldSelector](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html) .\n\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`", + "Type": "The resource type in which you want to log data events. You can specify the following *basic* event selector resource types:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n\nThe following resource types are also available through *advanced* event selectors. Basic event selector resource types are valid in advanced event selectors, but advanced event selector resource types are not valid in basic event selectors. For more information, see [AdvancedFieldSelector](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html) .\n\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::ServiceDiscovery::Namespace`\n- `AWS::ServiceDiscovery::Service`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::SQS::Queue`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`", "Values": "An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified objects.\n\n- To log data events for all objects in all S3 buckets in your AWS account , specify the prefix as `arn:aws:s3` .\n\n> This also enables logging of data event activity performed by any user or role in your AWS account , even if that activity is performed on a bucket that belongs to another AWS account .\n- To log data events for all objects in an S3 bucket, specify the bucket and an empty object prefix such as `arn:aws:s3:::bucket-1/` . The trail logs data events for all objects in this S3 bucket.\n- To log data events for specific objects, specify the S3 bucket and object prefix such as `arn:aws:s3:::bucket-1/example-images` . The trail logs data events for objects in this S3 bucket that match the prefix.\n- To log data events for all Lambda functions in your AWS account , specify the prefix as `arn:aws:lambda` .\n\n> This also enables logging of `Invoke` activity performed by any user or role in your AWS account , even if that activity is performed on a function that belongs to another AWS account .\n- To log data events for a specific Lambda function, specify the function ARN.\n\n> Lambda function ARNs are exact. For example, if you specify a function ARN *arn:aws:lambda:us-west-2:111111111111:function:helloworld* , data events will only be logged for *arn:aws:lambda:us-west-2:111111111111:function:helloworld* . They will not be logged for *arn:aws:lambda:us-west-2:111111111111:function:helloworld2* .\n- To log data events for all DynamoDB tables in your AWS account , specify the prefix as `arn:aws:dynamodb` ." }, "AWS::CloudTrail::Trail EventSelector": { @@ -7543,7 +7543,7 @@ "AWS::DLM::LifecyclePolicy": { "Description": "A description of the lifecycle policy. The characters ^[0-9A-Za-z _-]+$ are supported.", "ExecutionRoleArn": "The Amazon Resource Name (ARN) of the IAM role used to run the operations specified by the lifecycle policy.", - "PolicyDetails": "The configuration details of the lifecycle policy.", + "PolicyDetails": "The configuration details of the lifecycle policy.\n\n> If you create a default policy, you can specify the request parameters either in the request body, or in the PolicyDetails request structure, but not both.", "State": "The activation state of the lifecycle policy.", "Tags": "The tags to apply to the lifecycle policy during creation." }, @@ -7561,8 +7561,8 @@ "CronExpression": "The schedule, as a Cron expression. The schedule interval must be between 1 hour and 1 year. For more information, see [Cron expressions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html#CronExpressions) in the *Amazon CloudWatch User Guide* .", "Interval": "The interval between snapshots. The supported values are 1, 2, 3, 4, 6, 8, 12, and 24.", "IntervalUnit": "The interval unit.", - "Location": "*[Snapshot policies only]* Specifies the destination for snapshots created by the policy. To create snapshots in the same Region as the source resource, specify `CLOUD` . To create snapshots on the same Outpost as the source resource, specify `OUTPOST_LOCAL` . If you omit this parameter, `CLOUD` is used by default.\n\nIf the policy targets resources in an AWS Region , then you must create snapshots in the same Region as the source resource. If the policy targets resources on an Outpost, then you can create snapshots on the same Outpost as the source resource, or in the Region of that Outpost.", - "Scripts": "*[Snapshot policies that target instances only]* Specifies pre and/or post scripts for a snapshot lifecycle policy that targets instances. This is useful for creating application-consistent snapshots, or for performing specific administrative tasks before or after Amazon Data Lifecycle Manager initiates snapshot creation.\n\nFor more information, see [Automating application-consistent snapshots with pre and post scripts](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/automate-app-consistent-backups.html) .", + "Location": "*[Custom snapshot policies only]* Specifies the destination for snapshots created by the policy. To create snapshots in the same Region as the source resource, specify `CLOUD` . To create snapshots on the same Outpost as the source resource, specify `OUTPOST_LOCAL` . If you omit this parameter, `CLOUD` is used by default.\n\nIf the policy targets resources in an AWS Region , then you must create snapshots in the same Region as the source resource. If the policy targets resources on an Outpost, then you can create snapshots on the same Outpost as the source resource, or in the Region of that Outpost.", + "Scripts": "*[Custom snapshot policies that target instances only]* Specifies pre and/or post scripts for a snapshot lifecycle policy that targets instances. This is useful for creating application-consistent snapshots, or for performing specific administrative tasks before or after Amazon Data Lifecycle Manager initiates snapshot creation.\n\nFor more information, see [Automating application-consistent snapshots with pre and post scripts](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/automate-app-consistent-backups.html) .", "Times": "The time, in UTC, to start the operation. The supported format is hh:mm.\n\nThe operation occurs within a one-hour window following the specified time. If you do not specify a time, Amazon Data Lifecycle Manager selects a time within the next 24 hours." }, "AWS::DLM::LifecyclePolicy CrossRegionCopyAction": { @@ -7581,11 +7581,11 @@ "AWS::DLM::LifecyclePolicy CrossRegionCopyRule": { "CmkArn": "The Amazon Resource Name (ARN) of the AWS KMS key to use for EBS encryption. If this parameter is not specified, the default KMS key for the account is used.", "CopyTags": "Indicates whether to copy all user-defined tags from the source snapshot or AMI to the cross-Region copy.", - "DeprecateRule": "*[AMI policies only]* The AMI deprecation rule for cross-Region AMI copies created by the rule.", + "DeprecateRule": "*[Custom AMI policies only]* The AMI deprecation rule for cross-Region AMI copies created by the rule.", "Encrypted": "To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Copies of encrypted snapshots are encrypted, even if this parameter is false or if encryption by default is not enabled.", "RetainRule": "The retention rule that indicates how long the cross-Region snapshot or AMI copies are to be retained in the destination Region.", - "Target": "> Use this parameter for snapshot policies only. For AMI policies, use *TargetRegion* instead. \n\n*[Snapshot policies only]* The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.", - "TargetRegion": "> Use this parameter for AMI policies only. For snapshot policies, use *Target* instead. For snapshot policies created before the *Target* parameter was introduced, this parameter indicates the target Region for snapshot copies. \n\n*[AMI policies only]* The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies." + "Target": "> Use this parameter for snapshot policies only. For AMI policies, use *TargetRegion* instead. \n\n*[Custom snapshot policies only]* The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.", + "TargetRegion": "> Use this parameter for AMI policies only. For snapshot policies, use *Target* instead. For snapshot policies created before the *Target* parameter was introduced, this parameter indicates the target Region for snapshot copies. \n\n*[Custom AMI policies only]* The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies." }, "AWS::DLM::LifecyclePolicy DeprecateRule": { "Count": "If the schedule has a count-based retention rule, this parameter specifies the number of oldest AMIs to deprecate. The count must be less than or equal to the schedule's retention count, and it can't be greater than 1000.", @@ -7612,19 +7612,19 @@ "IntervalUnit": "The unit of time for enabling fast snapshot restore." }, "AWS::DLM::LifecyclePolicy Parameters": { - "ExcludeBootVolume": "*[Snapshot policies that target instances only]* Indicates whether to exclude the root volume from multi-volume snapshot sets. The default is `false` . If you specify `true` , then the root volumes attached to targeted instances will be excluded from the multi-volume snapshot sets created by the policy.", - "ExcludeDataVolumeTags": "*[Snapshot policies that target instances only]* The tags used to identify data (non-root) volumes to exclude from multi-volume snapshot sets.\n\nIf you create a snapshot lifecycle policy that targets instances and you specify tags for this parameter, then data volumes with the specified tags that are attached to targeted instances will be excluded from the multi-volume snapshot sets created by the policy.", - "NoReboot": "*[AMI policies only]* Indicates whether targeted instances are rebooted when the lifecycle policy runs. `true` indicates that targeted instances are not rebooted when the policy runs. `false` indicates that target instances are rebooted when the policy runs. The default is `true` (instances are not rebooted)." + "ExcludeBootVolume": "*[Custom snapshot policies that target instances only]* Indicates whether to exclude the root volume from multi-volume snapshot sets. The default is `false` . If you specify `true` , then the root volumes attached to targeted instances will be excluded from the multi-volume snapshot sets created by the policy.", + "ExcludeDataVolumeTags": "*[Custom snapshot policies that target instances only]* The tags used to identify data (non-root) volumes to exclude from multi-volume snapshot sets.\n\nIf you create a snapshot lifecycle policy that targets instances and you specify tags for this parameter, then data volumes with the specified tags that are attached to targeted instances will be excluded from the multi-volume snapshot sets created by the policy.", + "NoReboot": "*[Custom AMI policies only]* Indicates whether targeted instances are rebooted when the lifecycle policy runs. `true` indicates that targeted instances are not rebooted when the policy runs. `false` indicates that target instances are rebooted when the policy runs. The default is `true` (instances are not rebooted)." }, "AWS::DLM::LifecyclePolicy PolicyDetails": { "Actions": "*[Event-based policies only]* The actions to be performed when the event-based policy is activated. You can specify only one action per policy.", "EventSource": "*[Event-based policies only]* The event that activates the event-based policy.", - "Parameters": "*[Snapshot and AMI policies only]* A set of optional parameters for snapshot and AMI lifecycle policies.\n\n> If you are modifying a policy that was created or previously modified using the Amazon Data Lifecycle Manager console, then you must include this parameter and specify either the default values or the new values that you require. You can't omit this parameter or set its values to null.", - "PolicyType": "*[All policy types]* The valid target resource types and actions a policy can manage. Specify `EBS_SNAPSHOT_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of Amazon EBS snapshots. Specify `IMAGE_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of EBS-backed AMIs. Specify `EVENT_BASED_POLICY` to create an event-based policy that performs specific actions when a defined event occurs in your AWS account .\n\nThe default is `EBS_SNAPSHOT_MANAGEMENT` .", - "ResourceLocations": "*[Snapshot and AMI policies only]* The location of the resources to backup. If the source resources are located in an AWS Region , specify `CLOUD` . If the source resources are located on an Outpost in your account, specify `OUTPOST` .\n\nIf you specify `OUTPOST` , Amazon Data Lifecycle Manager backs up all resources of the specified type with matching target tags across all of the Outposts in your account.", - "ResourceTypes": "*[Snapshot policies only]* The target resource type for snapshot and AMI lifecycle policies. Use `VOLUME` to create snapshots of individual volumes or use `INSTANCE` to create multi-volume snapshots from the volumes for an instance.", - "Schedules": "*[Snapshot and AMI policies only]* The schedules of policy-defined actions for snapshot and AMI lifecycle policies. A policy can have up to four schedules\u2014one mandatory schedule and up to three optional schedules.", - "TargetTags": "*[Snapshot and AMI policies only]* The single tag that identifies targeted resources for this policy." + "Parameters": "*[Custom snapshot and AMI policies only]* A set of optional parameters for snapshot and AMI lifecycle policies.\n\n> If you are modifying a policy that was created or previously modified using the Amazon Data Lifecycle Manager console, then you must include this parameter and specify either the default values or the new values that you require. You can't omit this parameter or set its values to null.", + "PolicyType": "*[Custom policies only]* The valid target resource types and actions a policy can manage. Specify `EBS_SNAPSHOT_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of Amazon EBS snapshots. Specify `IMAGE_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of EBS-backed AMIs. Specify `EVENT_BASED_POLICY` to create an event-based policy that performs specific actions when a defined event occurs in your AWS account .\n\nThe default is `EBS_SNAPSHOT_MANAGEMENT` .", + "ResourceLocations": "*[Custom snapshot and AMI policies only]* The location of the resources to backup. If the source resources are located in an AWS Region , specify `CLOUD` . If the source resources are located on an Outpost in your account, specify `OUTPOST` .\n\nIf you specify `OUTPOST` , Amazon Data Lifecycle Manager backs up all resources of the specified type with matching target tags across all of the Outposts in your account.", + "ResourceTypes": "*[Custom snapshot policies only]* The target resource type for snapshot and AMI lifecycle policies. Use `VOLUME` to create snapshots of individual volumes or use `INSTANCE` to create multi-volume snapshots from the volumes for an instance.", + "Schedules": "*[Custom snapshot and AMI policies only]* The schedules of policy-defined actions for snapshot and AMI lifecycle policies. A policy can have up to four schedules\u2014one mandatory schedule and up to three optional schedules.", + "TargetTags": "*[Custom snapshot and AMI policies only]* The single tag that identifies targeted resources for this policy." }, "AWS::DLM::LifecyclePolicy RetainRule": { "Count": "The number of snapshots to retain for each volume, up to a maximum of 1000. For example if you want to retain a maximum of three snapshots, specify `3` . When the fourth snapshot is created, the oldest retained snapshot is deleted, or it is moved to the archive tier if you have specified an [ArchiveRule](https://docs.aws.amazon.com/dlm/latest/APIReference/API_ArchiveRule.html) .", @@ -7637,15 +7637,15 @@ "IntervalUnit": "The unit of time in which to measure the *Interval* . For example, to retain a snapshots in the archive tier for 6 months, specify `Interval=6` and `IntervalUnit=MONTHS` ." }, "AWS::DLM::LifecyclePolicy Schedule": { - "ArchiveRule": "*[Snapshot policies that target volumes only]* The snapshot archiving rule for the schedule. When you specify an archiving rule, snapshots are automatically moved from the standard tier to the archive tier once the schedule's retention threshold is met. Snapshots are then retained in the archive tier for the archive retention period that you specify.\n\nFor more information about using snapshot archiving, see [Considerations for snapshot lifecycle policies](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-ami-policy.html#dlm-archive) .", + "ArchiveRule": "*[Custom snapshot policies that target volumes only]* The snapshot archiving rule for the schedule. When you specify an archiving rule, snapshots are automatically moved from the standard tier to the archive tier once the schedule's retention threshold is met. Snapshots are then retained in the archive tier for the archive retention period that you specify.\n\nFor more information about using snapshot archiving, see [Considerations for snapshot lifecycle policies](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-ami-policy.html#dlm-archive) .", "CopyTags": "Copy all user-defined tags on a source volume to snapshots of the volume created by this policy.", "CreateRule": "The creation rule.", "CrossRegionCopyRules": "Specifies a rule for copying snapshots or AMIs across regions.\n\n> You can't specify cross-Region copy rules for policies that create snapshots on an Outpost. If the policy creates snapshots in a Region, then snapshots can be copied to up to three Regions or Outposts.", - "DeprecateRule": "*[AMI policies only]* The AMI deprecation rule for the schedule.", - "FastRestoreRule": "*[Snapshot policies only]* The rule for enabling fast snapshot restore.", + "DeprecateRule": "*[Custom AMI policies only]* The AMI deprecation rule for the schedule.", + "FastRestoreRule": "*[Custom snapshot policies only]* The rule for enabling fast snapshot restore.", "Name": "The name of the schedule.", "RetainRule": "The retention rule for snapshots or AMIs created by the policy.", - "ShareRules": "*[Snapshot policies only]* The rule for sharing snapshots with other AWS accounts .", + "ShareRules": "*[Custom snapshot policies only]* The rule for sharing snapshots with other AWS accounts .", "TagsToAdd": "The tags to apply to policy-created resources. These user-defined tags are in addition to the AWS -added lifecycle tags.", "VariableTags": "*[AMI policies and snapshot policies that target instances only]* A collection of key/value pairs with values determined dynamically when the policy is executed. Keys may be any valid Amazon EC2 tag key. Values must be in one of the two following formats: `$(instance-id)` or `$(timestamp)` . Variable tags are only valid for EBS Snapshot Management \u2013 Instance policies." }, @@ -10768,7 +10768,7 @@ "Value": "The tag value." }, "AWS::EC2::SubnetCidrBlock": { - "Ipv6CidrBlock": "The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.\n\nThis parameter is required for an IPv6 only subnet.", + "Ipv6CidrBlock": "The IPv6 network range for the subnet, in CIDR notation. This parameter is required for an IPv6 only subnet.", "SubnetId": "The ID of the subnet." }, "AWS::EC2::SubnetNetworkAclAssociation": { @@ -10973,7 +10973,7 @@ "Value": "The tag value." }, "AWS::EC2::VPCCidrBlock": { - "AmazonProvidedIpv6CidrBlock": "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses, or the size of the CIDR block.", + "AmazonProvidedIpv6CidrBlock": "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses or the size of the CIDR block.", "CidrBlock": "An IPv4 CIDR block to associate with the VPC.", "Ipv4IpamPoolId": "Associate a CIDR allocated from an IPv4 IPAM pool to a VPC. For more information about Amazon VPC IP Address Manager (IPAM), see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide* .", "Ipv4NetmaskLength": "The netmask length of the IPv4 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide* .", @@ -11228,9 +11228,9 @@ "Value": "A `value` acts as a descriptor within a tag category (key)." }, "AWS::ECR::PullThroughCacheRule": { - "CredentialArn": "", + "CredentialArn": "The ARN of the Secrets Manager secret associated with the pull through cache rule.", "EcrRepositoryPrefix": "The Amazon ECR repository prefix associated with the pull through cache rule.", - "UpstreamRegistry": "", + "UpstreamRegistry": "The name of the upstream source registry associated with the pull through cache rule.", "UpstreamRegistryUrl": "The upstream registry URL associated with the pull through cache rule." }, "AWS::ECR::RegistryPolicy": { @@ -11773,8 +11773,8 @@ "Tags": "The metadata that you apply to the add-on to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Add-on tags do not propagate to any other resources associated with the cluster." }, "AWS::EKS::Addon Tag": { - "Key": "", - "Value": "" + "Key": "One part of a key-value pair that make up a tag. A `key` is a general label that acts like a category for more specific tag values.", + "Value": "The optional part of a key-value pair that make up a tag. A `value` acts as a descriptor within a tag category (key)." }, "AWS::EKS::Cluster": { "AccessConfig": "", @@ -11829,8 +11829,8 @@ "SubnetIds": "Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane." }, "AWS::EKS::Cluster Tag": { - "Key": "", - "Value": "" + "Key": "One part of a key-value pair that make up a tag. A `key` is a general label that acts like a category for more specific tag values.", + "Value": "The optional part of a key-value pair that make up a tag. A `value` acts as a descriptor within a tag category (key)." }, "AWS::EKS::FargateProfile": { "ClusterName": "The name of the Amazon EKS cluster to apply the Fargate profile to.", @@ -11849,8 +11849,8 @@ "Namespace": "The Kubernetes namespace that the selector should match." }, "AWS::EKS::FargateProfile Tag": { - "Key": "", - "Value": "" + "Key": "One part of a key-value pair that make up a tag. A `key` is a general label that acts like a category for more specific tag values.", + "Value": "The optional part of a key-value pair that make up a tag. A `value` acts as a descriptor within a tag category (key)." }, "AWS::EKS::IdentityProviderConfig": { "ClusterName": "The cluster that the configuration is associated to.", @@ -11873,8 +11873,8 @@ "Value": "The value for the key from the token." }, "AWS::EKS::IdentityProviderConfig Tag": { - "Key": "", - "Value": "" + "Key": "One part of a key-value pair that make up a tag. A `key` is a general label that acts like a category for more specific tag values.", + "Value": "The optional part of a key-value pair that make up a tag. A `value` acts as a descriptor within a tag category (key)." }, "AWS::EKS::Nodegroup": { "AmiType": "The AMI type for your node group. If you specify `launchTemplate` , and your launch template uses a custom AMI, then don't specify `amiType` , or the node group deployment will fail. If your launch template uses a Windows custom AMI, then add `eks:kube-proxy-windows` to your Windows nodes `rolearn` in the `aws-auth` `ConfigMap` . For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .", @@ -14960,7 +14960,7 @@ "OrganizationRoleName": "The name of the IAM role that is used to access resources through Organizations .", "OrganizationalUnits": "Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.", "PermissionType": "If this is `SERVICE_MANAGED` , and the workplace was created through the Amazon Managed Grafana console, then Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use AWS data sources and notification channels.\n\nIf this is `CUSTOMER_MANAGED` , you must manage those roles and permissions yourself.\n\nIf you are working with a workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other AWS accounts in the organization, this parameter must be set to `CUSTOMER_MANAGED` .\n\nFor more information about converting between customer and service managed, see [Managing permissions for data sources and notification channels](https://docs.aws.amazon.com/grafana/latest/userguide/AMG-datasource-and-notification.html) . For more information about the roles and permissions that must be managed for customer managed workspaces, see [Amazon Managed Grafana permissions and policies for AWS data sources and notification channels](https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html)", - "PluginAdminEnabled": "Whether plugin administration is enabled in the workspace. Setting to `true` allows workspace admins to install, uninstall, and update plugins from within the Grafana workspace.", + "PluginAdminEnabled": "Whether plugin administration is enabled in the workspace. Setting to `true` allows workspace admins to install, uninstall, and update plugins from within the Grafana workspace.\n\n> This option is only valid for workspaces that support Grafana version 9 or newer.", "RoleArn": "The IAM role that grants permissions to the AWS resources that the workspace will view data from. This role must already exist.", "SamlConfiguration": "If the workspace uses SAML, use this structure to map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the `Admin` and `Editor` roles in the workspace.", "StackSetName": "The name of the AWS CloudFormation stack set that is used to generate IAM roles to be used for this workspace.", @@ -16344,7 +16344,7 @@ "PerformanceScoreThreshold": "The health event threshold percentage set for performance scores. When the overall performance score is at or below this percentage, Internet Monitor creates a health event." }, "AWS::InternetMonitor::Monitor InternetMeasurementsLogDelivery": { - "S3Config": "The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3." + "S3Config": "The configuration information for publishing Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs." }, "AWS::InternetMonitor::Monitor LocalHealthEventsConfig": { "HealthScoreThreshold": "The health event threshold percentage set for a local health score.", @@ -16352,9 +16352,9 @@ "Status": "The status of whether Internet Monitor creates a health event based on a threshold percentage set for a local health score. The status can be `ENABLED` or `DISABLED` ." }, "AWS::InternetMonitor::Monitor S3Config": { - "BucketName": "The Amazon S3 bucket name for internet measurements publishing.", - "BucketPrefix": "An optional Amazon S3 bucket prefix for internet measurements publishing.", - "LogDeliveryStatus": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket. The delivery status is `ENABLED` if you choose to deliver internet measurements to an S3 bucket, and `DISABLED` otherwise." + "BucketName": "The Amazon S3 bucket name.", + "BucketPrefix": "The Amazon S3 bucket prefix.", + "LogDeliveryStatus": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket." }, "AWS::InternetMonitor::Monitor Tag": { "Key": "", @@ -19905,7 +19905,7 @@ "OnSuccess": "The destination configuration for successful invocations." }, "AWS::Lambda::EventInvokeConfig OnFailure": { - "Destination": "The Amazon Resource Name (ARN) of the destination resource." + "Destination": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination.\n\nTo retain records of failed invocations from [Kinesis and DynamoDB event sources](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#event-source-mapping-destinations) , you can configure an Amazon SNS topic or Amazon SQS queue as the destination.\n\nTo retain records of failed invocations from [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic or Amazon SQS queue as the destination." }, "AWS::Lambda::EventInvokeConfig OnSuccess": { "Destination": "The Amazon Resource Name (ARN) of the destination resource." @@ -19917,7 +19917,7 @@ "DestinationConfig": "(Kinesis and DynamoDB Streams only) An Amazon SQS queue or Amazon SNS topic destination for discarded records.", "DocumentDBEventSourceConfig": "Specific configuration settings for a DocumentDB event source.", "Enabled": "When true, the event source mapping is active. When false, Lambda pauses polling and invocation.\n\nDefault: True", - "EventSourceArn": "The Amazon Resource Name (ARN) of the event source.\n\n- *Amazon Kinesis* \u2013 The ARN of the data stream or a stream consumer.\n- *Amazon DynamoDB Streams* \u2013 The ARN of the stream.\n- *Amazon Simple Queue Service* \u2013 The ARN of the queue.\n- *Amazon Managed Streaming for Apache Kafka* \u2013 The ARN of the cluster.\n- *Amazon MQ* \u2013 The ARN of the broker.\n- *Amazon DocumentDB* \u2013 The ARN of the DocumentDB change stream.", + "EventSourceArn": "The Amazon Resource Name (ARN) of the event source.\n\n- *Amazon Kinesis* \u2013 The ARN of the data stream or a stream consumer.\n- *Amazon DynamoDB Streams* \u2013 The ARN of the stream.\n- *Amazon Simple Queue Service* \u2013 The ARN of the queue.\n- *Amazon Managed Streaming for Apache Kafka* \u2013 The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc) ).\n- *Amazon MQ* \u2013 The ARN of the broker.\n- *Amazon DocumentDB* \u2013 The ARN of the DocumentDB change stream.", "FilterCriteria": "An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) .", "FunctionName": "The name of the Lambda function.\n\n**Name formats** - *Function name* \u2013 `MyFunction` .\n- *Function ARN* \u2013 `arn:aws:lambda:us-west-2:123456789012:function:MyFunction` .\n- *Version or Alias ARN* \u2013 `arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD` .\n- *Partial ARN* \u2013 `123456789012:function:MyFunction` .\n\nThe length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.", "FunctionResponseTypes": "(Streams and SQS) A list of current response type enums applied to the event source mapping.\n\nValid Values: `ReportBatchItemFailures`", @@ -19956,7 +19956,7 @@ "Filters": "A list of filters." }, "AWS::Lambda::EventSourceMapping OnFailure": { - "Destination": "The Amazon Resource Name (ARN) of the destination resource." + "Destination": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination.\n\nTo retain records of failed invocations from [Kinesis and DynamoDB event sources](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#event-source-mapping-destinations) , you can configure an Amazon SNS topic or Amazon SQS queue as the destination.\n\nTo retain records of failed invocations from [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic or Amazon SQS queue as the destination." }, "AWS::Lambda::EventSourceMapping ScalingConfig": { "MaximumConcurrency": "Limits the number of concurrent instances that the Amazon SQS event source can invoke." @@ -19985,7 +19985,7 @@ "ImageConfig": "Configuration values that override the container image Dockerfile settings. For more information, see [Container image settings](https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms) .", "KmsKeyArn": "The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that's used to encrypt your function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption) . When [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR).\nIf you don't provide a customer managed key, Lambda uses a default service key.", "Layers": "A list of [function layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) to add to the function's execution environment. Specify each layer by its ARN, including the version.", - "LoggingConfig": "", + "LoggingConfig": "The function's Amazon CloudWatch Logs configuration settings.", "MemorySize": "The amount of [memory available to the function](https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console) at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase.", "PackageType": "The type of deployment package. Set to `Image` for container image and set `Zip` for .zip file archive.", "Policy": "", @@ -20025,10 +20025,10 @@ "WorkingDirectory": "Specifies the working directory. The length of the directory string cannot exceed 1,000 characters." }, "AWS::Lambda::Function LoggingConfig": { - "ApplicationLogLevel": "", - "LogFormat": "", - "LogGroup": "", - "SystemLogLevel": "" + "ApplicationLogLevel": "Set this property to filter the application logs for your function that Lambda sends to CloudWatch. Lambda only sends application logs at the selected level and lower.", + "LogFormat": "The format in which Lambda sends your function's application and system logs to CloudWatch. Select between plain text and structured JSON.", + "LogGroup": "The name of the Amazon CloudWatch log group the function sends logs to. By default, Lambda functions send logs to a default log group named `/aws/lambda/` . To use a different log group, enter an existing log group or enter a new log group name.", + "SystemLogLevel": "Set this property to filter the system logs for your function that Lambda sends to CloudWatch. Lambda only sends system logs at the selected level and lower." }, "AWS::Lambda::Function RuntimeManagementConfig": { "RuntimeVersionArn": "The ARN of the runtime version you want the function to use.\n\n> This is only required if you're using the *Manual* runtime update mode.", @@ -26068,7 +26068,7 @@ "ColumnConfigurations": "An array of analysis-level column configurations. Column configurations can be used to set default formatting for a column to be used throughout an analysis.", "DataSetIdentifierDeclarations": "An array of dataset identifier declarations. This mapping allows the usage of dataset identifiers instead of dataset ARNs throughout analysis sub-structures.", "FilterGroups": "Filter definitions for an analysis.\n\nFor more information, see [Filtering Data in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon QuickSight User Guide* .", - "Options": "", + "Options": "An array of option definitions for an analysis.", "ParameterDeclarations": "An array of parameter declarations for an analysis.\n\nParameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* .", "Sheets": "An array of sheet definitions for an analysis. Each `SheetDefinition` provides detailed information about a sheet within this analysis." }, @@ -26104,8 +26104,8 @@ "ArcThickness": "The arc thickness of a `GaugeChartVisual` ." }, "AWS::QuickSight::Analysis AssetOptions": { - "Timezone": "", - "WeekStart": "" + "Timezone": "Determines the timezone for the analysis.", + "WeekStart": "Determines the week start day for an analysis." }, "AWS::QuickSight::Analysis AttributeAggregationFunction": { "SimpleAttributeAggregation": "The built-in aggregation functions for attributes.\n\n- `UNIQUE_VALUE` : Returns the unique value for a field, aggregated by the dimension fields.", @@ -28414,7 +28414,7 @@ "Name": "The name of a computation." }, "AWS::QuickSight::Analysis ValidationStrategy": { - "Mode": "The mode of validation for the asset to be creaed or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors." + "Mode": "The mode of validation for the asset to be created or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors." }, "AWS::QuickSight::Analysis VisibleRangeOptions": { "PercentRange": "The percent range in the visible range." @@ -28551,7 +28551,7 @@ "DashboardId": "The ID for the dashboard, also added to the IAM policy.", "DashboardPublishOptions": "Options for publishing the dashboard when you create it:\n\n- `AvailabilityStatus` for `AdHocFilteringOption` - This status can be either `ENABLED` or `DISABLED` . When this is set to `DISABLED` , Amazon QuickSight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is `ENABLED` by default.\n- `AvailabilityStatus` for `ExportToCSVOption` - This status can be either `ENABLED` or `DISABLED` . The visual option to export data to .CSV format isn't enabled when this is set to `DISABLED` . This option is `ENABLED` by default.\n- `VisibilityState` for `SheetControlsOption` - This visibility state can be either `COLLAPSED` or `EXPANDED` . This option is `COLLAPSED` by default.", "Definition": "", - "LinkSharingConfiguration": "A structure that contains the configuration of a shareable link to the dashboard.", + "LinkSharingConfiguration": "A structure that contains the link sharing configurations that you want to apply overrides to.", "Name": "The display name of the dashboard.", "Parameters": "The parameters for the creation of the dashboard, which you want to use to override the default settings. A dashboard can have any type of parameters, and some parameters might accept multiple values.", "Permissions": "A structure that contains the permissions of the dashboard. You can use this structure for granting permissions by providing a list of IAM action information for each principal ARN.\n\nTo specify no permissions, omit the permissions list.", @@ -28598,8 +28598,8 @@ "ArcThickness": "The arc thickness of a `GaugeChartVisual` ." }, "AWS::QuickSight::Dashboard AssetOptions": { - "Timezone": "", - "WeekStart": "" + "Timezone": "Determines the timezone for the analysis.", + "WeekStart": "Determines the week start day for an analysis." }, "AWS::QuickSight::Dashboard AttributeAggregationFunction": { "SimpleAttributeAggregation": "The built-in aggregation functions for attributes.\n\n- `UNIQUE_VALUE` : Returns the unique value for a field, aggregated by the dimension fields.", @@ -29044,7 +29044,7 @@ "ColumnConfigurations": "An array of dashboard-level column configurations. Column configurations are used to set the default formatting for a column that is used throughout a dashboard.", "DataSetIdentifierDeclarations": "An array of dataset identifier declarations. With this mapping,you can use dataset identifiers instead of dataset Amazon Resource Names (ARNs) throughout the dashboard's sub-structures.", "FilterGroups": "The filter definitions for a dashboard.\n\nFor more information, see [Filtering Data in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon QuickSight User Guide* .", - "Options": "", + "Options": "An array of option definitions for a dashboard.", "ParameterDeclarations": "The parameter declarations for a dashboard. Parameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* .", "Sheets": "An array of sheet definitions for a dashboard." }, @@ -30985,7 +30985,7 @@ "Name": "The name of a computation." }, "AWS::QuickSight::Dashboard ValidationStrategy": { - "Mode": "The mode of validation for the asset to be creaed or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors." + "Mode": "The mode of validation for the asset to be created or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors." }, "AWS::QuickSight::Dashboard VisibleRangeOptions": { "PercentRange": "The percent range in the visible range." @@ -31151,7 +31151,7 @@ "ColumnName": "Column name.", "Format": "When casting a column from string to datetime type, you can supply a string in a format supported by Amazon QuickSight to denote the source data format.", "NewColumnType": "New column data type.", - "SubType": "" + "SubType": "The sub data type of the new column. Sub types are only available for decimal columns that are part of a SPICE dataset." }, "AWS::QuickSight::DataSet ColumnDescription": { "Text": "The text of a description for a column." @@ -31229,7 +31229,7 @@ }, "AWS::QuickSight::DataSet InputColumn": { "Name": "The name of this column in the underlying data source.", - "SubType": "", + "SubType": "The sub data type of the column. Sub types are only available for decimal columns that are part of a SPICE dataset.", "Type": "The data type of the column." }, "AWS::QuickSight::DataSet IntegerDatasetParameter": { @@ -31275,9 +31275,9 @@ }, "AWS::QuickSight::DataSet OutputColumn": { "Description": "A description for a column.", - "Name": "A display name for the dataset.", - "SubType": "", - "Type": "The type." + "Name": "The display name of the column..", + "SubType": "The sub data type of the column.", + "Type": "The data type of the column." }, "AWS::QuickSight::DataSet OverrideDatasetParameterOperation": { "NewDefaultValues": "The new default values for the parameter.", @@ -31594,8 +31594,8 @@ "ArcThickness": "The arc thickness of a `GaugeChartVisual` ." }, "AWS::QuickSight::Template AssetOptions": { - "Timezone": "", - "WeekStart": "" + "Timezone": "Determines the timezone for the analysis.", + "WeekStart": "Determines the week start day for an analysis." }, "AWS::QuickSight::Template AttributeAggregationFunction": { "SimpleAttributeAggregation": "The built-in aggregation functions for attributes.\n\n- `UNIQUE_VALUE` : Returns the unique value for a field, aggregated by the dimension fields.", @@ -33771,7 +33771,7 @@ "ColumnConfigurations": "An array of template-level column configurations. Column configurations are used to set default formatting for a column that's used throughout a template.", "DataSetConfigurations": "An array of dataset configurations. These configurations define the required columns for each dataset used within a template.", "FilterGroups": "Filter definitions for a template.\n\nFor more information, see [Filtering Data](https://docs.aws.amazon.com/quicksight/latest/user/filtering-visual-data.html) in the *Amazon QuickSight User Guide* .", - "Options": "", + "Options": "An array of option definitions for a template.", "ParameterDeclarations": "An array of parameter declarations for a template.\n\n*Parameters* are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* .", "Sheets": "An array of sheet definitions for a template." }, @@ -33935,7 +33935,7 @@ "Name": "The name of a computation." }, "AWS::QuickSight::Template ValidationStrategy": { - "Mode": "The mode of validation for the asset to be creaed or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors." + "Mode": "The mode of validation for the asset to be created or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors." }, "AWS::QuickSight::Template VisibleRangeOptions": { "PercentRange": "The percent range in the visible range." @@ -35160,51 +35160,51 @@ "Value": "" }, "AWS::ResilienceHub::App": { - "AppAssessmentSchedule": "", + "AppAssessmentSchedule": "Assessment execution schedule with 'Daily' or 'Disabled' values.", "AppTemplateBody": "A JSON string that provides information about your application structure. To learn more about the `appTemplateBody` template, see the sample template in [Sample appTemplateBody template](https://docs.aws.amazon.com//resilience-hub/latest/APIReference/API_PutDraftAppVersionTemplate.html#API_PutDraftAppVersionTemplate_Examples) .\n\nThe `appTemplateBody` JSON string has the following structure:\n\n- *`resources`*\n\nThe list of logical resources that needs to be included in the AWS Resilience Hub application.\n\nType: Array\n\n> Don't add the resources that you want to exclude. \n\nEach `resources` array item includes the following fields:\n\n- *`logicalResourceId`*\n\nThe logical identifier of the resource.\n\nType: Object\n\nEach `logicalResourceId` object includes the following fields:\n\n- `identifier`\n\nIdentifier of the resource.\n\nType: String\n- `logicalStackName`\n\nName of the AWS CloudFormation stack this resource belongs to.\n\nType: String\n- `resourceGroupName`\n\nName of the resource group this resource belongs to.\n\nType: String\n- `terraformSourceName`\n\nName of the Terraform S3 state file this resource belongs to.\n\nType: String\n- `eksSourceName`\n\nName of the Amazon Elastic Kubernetes Service cluster and namespace this resource belongs to.\n\n> This parameter accepts values in \"eks-cluster/namespace\" format. \n\nType: String\n- *`type`*\n\nThe type of resource.\n\nType: string\n- *`name`*\n\nName of the resource.\n\nType: String\n- `additionalInfo`\n\nAdditional configuration parameters for an AWS Resilience Hub application. If you want to implement `additionalInfo` through the AWS Resilience Hub console rather than using an API call, see [Configure the application configuration parameters](https://docs.aws.amazon.com//resilience-hub/latest/userguide/app-config-param.html) .\n\n> Currently, this parameter accepts a key-value mapping (in a string format) of only one failover region and one associated account.\n> \n> Key: `\"failover-regions\"`\n> \n> Value: `\"[{\"region\":\"\", \"accounts\":[{\"id\":\"\"}]}]\"`\n- *`appComponents`*\n\nThe list of Application Components (AppComponent) that this resource belongs to. If an AppComponent is not part of the AWS Resilience Hub application, it will be added.\n\nType: Array\n\nEach `appComponents` array item includes the following fields:\n\n- `name`\n\nName of the AppComponent.\n\nType: String\n- `type`\n\nThe type of AppComponent. For more information about the types of AppComponent, see [Grouping resources in an AppComponent](https://docs.aws.amazon.com/resilience-hub/latest/userguide/AppComponent.grouping.html) .\n\nType: String\n- `resourceNames`\n\nThe list of included resources that are assigned to the AppComponent.\n\nType: Array of strings\n- `additionalInfo`\n\nAdditional configuration parameters for an AWS Resilience Hub application. If you want to implement `additionalInfo` through the AWS Resilience Hub console rather than using an API call, see [Configure the application configuration parameters](https://docs.aws.amazon.com//resilience-hub/latest/userguide/app-config-param.html) .\n\n> Currently, this parameter accepts a key-value mapping (in a string format) of only one failover region and one associated account.\n> \n> Key: `\"failover-regions\"`\n> \n> Value: `\"[{\"region\":\"\", \"accounts\":[{\"id\":\"\"}]}]\"`\n- *`excludedResources`*\n\nThe list of logical resource identifiers to be excluded from the application.\n\nType: Array\n\n> Don't add the resources that you want to include. \n\nEach `excludedResources` array item includes the following fields:\n\n- *`logicalResourceIds`*\n\nThe logical identifier of the resource.\n\nType: Object\n\n> You can configure only one of the following fields:\n> \n> - `logicalStackName`\n> - `resourceGroupName`\n> - `terraformSourceName`\n> - `eksSourceName` \n\nEach `logicalResourceIds` object includes the following fields:\n\n- `identifier`\n\nThe identifier of the resource.\n\nType: String\n- `logicalStackName`\n\nName of the AWS CloudFormation stack this resource belongs to.\n\nType: String\n- `resourceGroupName`\n\nName of the resource group this resource belongs to.\n\nType: String\n- `terraformSourceName`\n\nName of the Terraform S3 state file this resource belongs to.\n\nType: String\n- `eksSourceName`\n\nName of the Amazon Elastic Kubernetes Service cluster and namespace this resource belongs to.\n\n> This parameter accepts values in \"eks-cluster/namespace\" format. \n\nType: String\n- *`version`*\n\nThe AWS Resilience Hub application version.\n- `additionalInfo`\n\nAdditional configuration parameters for an AWS Resilience Hub application. If you want to implement `additionalInfo` through the AWS Resilience Hub console rather than using an API call, see [Configure the application configuration parameters](https://docs.aws.amazon.com//resilience-hub/latest/userguide/app-config-param.html) .\n\n> Currently, this parameter accepts a key-value mapping (in a string format) of only one failover region and one associated account.\n> \n> Key: `\"failover-regions\"`\n> \n> Value: `\"[{\"region\":\"\", \"accounts\":[{\"id\":\"\"}]}]\"`", - "Description": "", - "EventSubscriptions": "", - "Name": "", - "PermissionModel": "", + "Description": "Optional description for an application.", + "EventSubscriptions": "The list of events you would like to subscribe and get notification for. Currently, AWS Resilience Hub supports notifications only for *Drift detected* and *Scheduled assessment failure* events.", + "Name": "Name for the application.", + "PermissionModel": "Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment.", "ResiliencyPolicyArn": "The Amazon Resource Name (ARN) of the resiliency policy.", "ResourceMappings": "An array of `ResourceMapping` objects.", - "Tags": "" + "Tags": "Tags assigned to the resource. A tag is a label that you assign to an AWS resource. Each tag consists of a key/value pair." }, "AWS::ResilienceHub::App EventSubscription": { - "EventType": "", - "Name": "", - "SnsTopicArn": "" + "EventType": "The type of event you would like to subscribe and get notification for. Currently, AWS Resilience Hub supports notifications only for *Drift detected* ( `DriftDetected` ) and *Scheduled assessment failure* ( `ScheduledAssessmentFailure` ) events.", + "Name": "Unique name to identify an event subscription.", + "SnsTopicArn": "Amazon Resource Name (ARN) of the Amazon Simple Notification Service topic. The format for this ARN is: `arn:partition:sns:region:account:topic-name` . For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* guide." }, "AWS::ResilienceHub::App PermissionModel": { - "CrossAccountRoleArns": "", - "InvokerRoleName": "", - "Type": "" + "CrossAccountRoleArns": "Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts. These ARNs are used for querying purposes while importing resources and assessing your application.\n\n> - These ARNs are required only when your resources are in other accounts and you have different role name in these accounts. Else, the invoker role name will be used in the other accounts.\n> - These roles must have a trust policy with `iam:AssumeRole` permission to the invoker role in the primary account.", + "InvokerRoleName": "Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment.\n\n> - You must have `iam:passRole` permission for this role while creating or updating the application.\n> - Currently, `invokerRoleName` accepts only `[A-Za-z0-9_+=,.@-]` characters.", + "Type": "Defines how AWS Resilience Hub scans your resources. It can scan for the resources by using a pre-existing role in your AWS account, or by using the credentials of the current IAM user." }, "AWS::ResilienceHub::App PhysicalResourceId": { - "AwsAccountId": "", - "AwsRegion": "", - "Identifier": "", - "Type": "" + "AwsAccountId": "The AWS account that owns the physical resource.", + "AwsRegion": "The AWS Region that the physical resource is located in.", + "Identifier": "Identifier of the physical resource.", + "Type": "Specifies the type of physical resource identifier.\n\n- **Arn** - The resource identifier is an Amazon Resource Name (ARN) and it can identify the following list of resources:\n\n- `AWS::ECS::Service`\n- `AWS::EFS::FileSystem`\n- `AWS::ElasticLoadBalancingV2::LoadBalancer`\n- `AWS::Lambda::Function`\n- `AWS::SNS::Topic`\n- **Native** - The resource identifier is an AWS Resilience Hub -native identifier and it can identify the following list of resources:\n\n- `AWS::ApiGateway::RestApi`\n- `AWS::ApiGatewayV2::Api`\n- `AWS::AutoScaling::AutoScalingGroup`\n- `AWS::DocDB::DBCluster`\n- `AWS::DocDB::DBGlobalCluster`\n- `AWS::DocDB::DBInstance`\n- `AWS::DynamoDB::GlobalTable`\n- `AWS::DynamoDB::Table`\n- `AWS::EC2::EC2Fleet`\n- `AWS::EC2::Instance`\n- `AWS::EC2::NatGateway`\n- `AWS::EC2::Volume`\n- `AWS::ElasticLoadBalancing::LoadBalancer`\n- `AWS::RDS::DBCluster`\n- `AWS::RDS::DBInstance`\n- `AWS::RDS::GlobalCluster`\n- `AWS::Route53::RecordSet`\n- `AWS::S3::Bucket`\n- `AWS::SQS::Queue`" }, "AWS::ResilienceHub::App ResourceMapping": { - "EksSourceName": "", - "LogicalStackName": "", - "MappingType": "", - "PhysicalResourceId": "", - "ResourceName": "", - "TerraformSourceName": "" + "EksSourceName": "Name of the Amazon Elastic Kubernetes Service cluster and namespace this resource belongs to.\n\n> This parameter accepts values in \"eks-cluster/namespace\" format.", + "LogicalStackName": "The name of the AWS CloudFormation stack this resource is mapped to.", + "MappingType": "Specifies the type of resource mapping.\n\n- **AppRegistryApp** - The resource is mapped to another application. The name of the application is contained in the `appRegistryAppName` property.\n- **CfnStack** - The resource is mapped to a AWS CloudFormation stack. The name of the AWS CloudFormation stack is contained in the `logicalStackName` property.\n- **Resource** - The resource is mapped to another resource. The name of the resource is contained in the `resourceName` property.\n- **ResourceGroup** - The resource is mapped to AWS Resource Groups . The name of the resource group is contained in the `resourceGroupName` property.", + "PhysicalResourceId": "Identifier of the physical resource.", + "ResourceName": "Name of the resource that the resource is mapped to.", + "TerraformSourceName": "The short name of the Terraform source." }, "AWS::ResilienceHub::ResiliencyPolicy": { - "DataLocationConstraint": "", - "Policy": "", - "PolicyDescription": "", - "PolicyName": "", - "Tags": "", - "Tier": "" + "DataLocationConstraint": "Specifies a high-level geographical location constraint for where your resilience policy data can be stored.", + "Policy": "The resiliency policy.", + "PolicyDescription": "The description for the policy.", + "PolicyName": "The name of the policy", + "Tags": "Tags assigned to the resource. A tag is a label that you assign to an AWS resource. Each tag consists of a key/value pair.", + "Tier": "The tier for this resiliency policy, ranging from the highest severity ( `MissionCritical` ) to lowest ( `NonCritical` )." }, "AWS::ResilienceHub::ResiliencyPolicy FailurePolicy": { - "RpoInSecs": "", - "RtoInSecs": "" + "RpoInSecs": "Recovery Point Objective (RPO) in seconds.", + "RtoInSecs": "Recovery Time Objective (RTO) in seconds." }, "AWS::ResourceExplorer2::DefaultViewAssociation": { "ViewArn": "The ARN of the view to set as the default for the AWS Region and AWS account in which you call this operation. The specified view must already exist in the specified Region." @@ -35334,14 +35334,14 @@ "Value": "The tag value." }, "AWS::RolesAnywhere::Profile": { - "DurationSeconds": "The number of seconds vended session credentials will be valid for", - "Enabled": "The enabled status of the resource.", - "ManagedPolicyArns": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", - "Name": "The customer specified name of the resource.", - "RequireInstanceProperties": "Specifies whether instance properties are required in CreateSession requests with this profile.", - "RoleArns": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", - "SessionPolicy": "A session policy that will applied to the trust boundary of the vended session credentials.", - "Tags": "A list of Tags." + "DurationSeconds": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", + "Enabled": "Indicates whether the profile is enabled.", + "ManagedPolicyArns": "A list of managed policy ARNs that apply to the vended session credentials.", + "Name": "The name of the profile.", + "RequireInstanceProperties": "Specifies whether instance properties are required in temporary credential requests with this profile.", + "RoleArns": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", + "SessionPolicy": "A session policy that applies to the trust boundary of the vended session credentials.", + "Tags": "The tags to attach to the profile." }, "AWS::RolesAnywhere::Profile Tag": { "Key": "The tag key.", @@ -35361,8 +35361,8 @@ "Threshold": "The number of days before a notification event. This value is required for a notification setting that is enabled." }, "AWS::RolesAnywhere::TrustAnchor Source": { - "SourceData": "A union object representing the data field of the TrustAnchor depending on its type", - "SourceType": "The type of the TrustAnchor." + "SourceData": "The data field of the trust anchor depending on its type.", + "SourceType": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region." }, "AWS::RolesAnywhere::TrustAnchor SourceData": { "AcmPcaArn": "The root certificate of the AWS Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type `AWS_ACM_PCA` .\n\n> This field is not supported in your region.", @@ -36519,7 +36519,7 @@ "Subscription": "The Amazon SNS subscriptions (endpoints) for this topic.\n\n> If you specify the `Subscription` property in the `AWS::SNS::Topic` resource and it creates an associated subscription resource, the associated subscription is not deleted when the `AWS::SNS::Topic` resource is deleted.", "Tags": "The list of tags to add to a new topic.\n\n> To be able to tag a topic on creation, you must have the `sns:CreateTopic` and `sns:TagResource` permissions.", "TopicName": "The name of the topic you want to create. Topic names must include only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 256 characters long. FIFO topic names must end with `.fifo` .\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the topic name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .\n\n> If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.", - "TracingConfig": "Tracing mode of an Amazon SNS topic. By default `TracingConfig` is set to `PassThrough` , and the topic passes through the tracing header it receives from an Amazon SNS publisher to its subscriptions. If set to `Active` , Amazon SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true. Only supported on standard topics." + "TracingConfig": "Tracing mode of an Amazon SNS topic. By default `TracingConfig` is set to `PassThrough` , and the topic passes through the tracing header it receives from an Amazon SNS publisher to its subscriptions. If set to `Active` , Amazon SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true." }, "AWS::SNS::Topic Subscription": { "Endpoint": "The endpoint that receives notifications from the Amazon SNS topic. The endpoint value depends on the protocol that you specify. For more information, see the `Endpoint` parameter of the `[Subscribe](https://docs.aws.amazon.com/sns/latest/api/API_Subscribe.html)` action in the *Amazon SNS API Reference* .", diff --git a/schema_source/cloudformation.schema.json b/schema_source/cloudformation.schema.json index daf574ac9..f80a8faae 100644 --- a/schema_source/cloudformation.schema.json +++ b/schema_source/cloudformation.schema.json @@ -29993,7 +29993,7 @@ "type": "string" }, "ImageId": { - "markdownDescription": "The identifier for the Amazon Machine Image (AMI) that's used to create the EC2 instance. To choose an AMI for the instance, you must specify a valid AMI alias or a valid AWS Systems Manager path.\n\nFrom November 20, 2023, you will be required to include the `imageId` parameter for the `CreateEnvironmentEC2` action. This change will be reflected across all direct methods of communicating with the API, such as AWS SDK, AWS CLI and AWS CloudFormation. This change will only affect direct API consumers, and not AWS Cloud9 console users.\n\nFrom January 22, 2024, Amazon Linux (AL1) will be removed from the list of available image IDs for Cloud9. This is necessary as AL1 will reach the end of maintenance support in December 2023, and as a result will no longer receive security updates. We recommend using Amazon Linux 2 as the new AMI to create your environment as it is fully supported. This change will only affect direct API consumers, and not AWS Cloud9 console users.\n\nSince Ubuntu 18.04 has ended standard support as of May 31, 2023, we recommend you choose Ubuntu 22.04.\n\n*AMI aliases*\n\n- *Amazon Linux (default): `amazonlinux-1-x86_64`*\n- Amazon Linux 2: `amazonlinux-2-x86_64`\n- Ubuntu 18.04: `ubuntu-18.04-x86_64`\n- Ubuntu 22.04: `ubuntu-22.04-x86_64`\n\n*SSM paths*\n\n- *Amazon Linux (default): `resolve:ssm:/aws/service/cloud9/amis/amazonlinux-1-x86_64`*\n- Amazon Linux 2: `resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64`\n- Ubuntu 18.04: `resolve:ssm:/aws/service/cloud9/amis/ubuntu-18.04-x86_64`\n- Ubuntu 22.04: `resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64`", + "markdownDescription": "The identifier for the Amazon Machine Image (AMI) that's used to create the EC2 instance. To choose an AMI for the instance, you must specify a valid AMI alias or a valid AWS Systems Manager path.\n\nFrom November 20, 2023, you will be required to include the `imageId` parameter for the `CreateEnvironmentEC2` action. This change will be reflected across all direct methods of communicating with the API, such as AWS SDK, AWS CLI and AWS CloudFormation. This change will only affect direct API consumers, and not AWS Cloud9 console users.\n\nFrom January 22, 2024, Amazon Linux (AL1) will be removed from the list of available image IDs for Cloud9. This is necessary as AL1 will reach the end of maintenance support in December 2023, and as a result will no longer receive security updates. We recommend using Amazon Linux 2 as the new AMI to create your environment as it is fully supported. This change will only affect direct API consumers, and not AWS Cloud9 console users.\n\nSince Ubuntu 18.04 has ended standard support as of May 31, 2023, we recommend you choose Ubuntu 22.04.\n\n*AMI aliases*\n\n- Amazon Linux: `amazonlinux-1-x86_64`\n- Amazon Linux 2: `amazonlinux-2-x86_64`\n- Ubuntu 18.04: `ubuntu-18.04-x86_64`\n- Ubuntu 22.04: `ubuntu-22.04-x86_64`\n\n*SSM paths*\n\n- Amazon Linux: `resolve:ssm:/aws/service/cloud9/amis/amazonlinux-1-x86_64`\n- Amazon Linux 2: `resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64`\n- Ubuntu 18.04: `resolve:ssm:/aws/service/cloud9/amis/ubuntu-18.04-x86_64`\n- Ubuntu 22.04: `resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64`", "title": "ImageId", "type": "string" }, @@ -34901,7 +34901,7 @@ "type": "array" }, "Field": { - "markdownDescription": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set to `NotEquals` `kms.amazonaws.com` or `NotEquals` `rdsdata.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For CloudTrail Insights event records, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Customization` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::customization/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Profile` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::profile/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::KinesisVideo::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kinesisvideo:::stream/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Network` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::networks/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::MedicalImaging::Datastore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::medical-imaging:::datastore/`\n\nWhen `resources.type` equals `AWS::PCAConnectorAD::Connector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::pca-connector-ad:::connector/`\n\nWhen `resources.type` equals `AWS::SageMaker::Endpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::endpoint/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::SNS::PlatformEndpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::endpoint///`\n\nWhen `resources.type` equals `AWS::SNS::Topic` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`\n\nWhen `resources.type` equals `AWS::SSMMessages::ControlChannel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ssmmessages:::control-channel/`\n\nWhen `resources.type` equals `AWS::Timestream::Database` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database/`\n\nWhen `resources.type` equals `AWS::Timestream::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database//table/`\n\nWhen resources.type equals `AWS::VerifiedPermissions::PolicyStore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::verifiedpermissions:::policy-store/`", + "markdownDescription": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set to `NotEquals` `kms.amazonaws.com` or `NotEquals` `rdsdata.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For CloudTrail Insights event records, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::ServiceDiscovery::Namespace`\n- `AWS::ServiceDiscovery::Service`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::SQS::Queue`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Customization` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::customization/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Profile` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::profile/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::KinesisVideo::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kinesisvideo:::stream/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Network` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::networks/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::MedicalImaging::Datastore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::medical-imaging:::datastore/`\n\nWhen `resources.type` equals `AWS::PCAConnectorAD::Connector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::pca-connector-ad:::connector/`\n\nWhen `resources.type` equals `AWS::SageMaker::Endpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::endpoint/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::ServiceDiscovery::Namespace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::servicediscovery:::namespace/`\n\nWhen `resources.type` equals `AWS::ServiceDiscovery::Service` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::servicediscovery:::service/`\n\nWhen `resources.type` equals `AWS::SNS::PlatformEndpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::endpoint///`\n\nWhen `resources.type` equals `AWS::SNS::Topic` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::`\n\nWhen `resources.type` equals `AWS::SQS::Queue` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sqs:::`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`\n\nWhen `resources.type` equals `AWS::SSMMessages::ControlChannel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ssmmessages:::control-channel/`\n\nWhen `resources.type` equals `AWS::Timestream::Database` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database/`\n\nWhen `resources.type` equals `AWS::Timestream::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database//table/`\n\nWhen resources.type equals `AWS::VerifiedPermissions::PolicyStore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::verifiedpermissions:::policy-store/`", "title": "Field", "type": "string" }, @@ -35213,7 +35213,7 @@ "type": "array" }, "Field": { - "markdownDescription": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set to `NotEquals` `kms.amazonaws.com` or `NotEquals` `rdsdata.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For CloudTrail Insights event records, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Customization` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::customization/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Profile` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::profile/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::KinesisVideo::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kinesisvideo:::stream/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Network` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::networks/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::MedicalImaging::Datastore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::medical-imaging:::datastore/`\n\nWhen `resources.type` equals `AWS::PCAConnectorAD::Connector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::pca-connector-ad:::connector/`\n\nWhen `resources.type` equals `AWS::SageMaker::Endpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::endpoint/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::SNS::PlatformEndpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::endpoint///`\n\nWhen `resources.type` equals `AWS::SNS::Topic` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`\n\nWhen `resources.type` equals `AWS::SSMMessages::ControlChannel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ssmmessages:::control-channel/`\n\nWhen `resources.type` equals `AWS::Timestream::Database` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database/`\n\nWhen `resources.type` equals `AWS::Timestream::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database//table/`\n\nWhen resources.type equals `AWS::VerifiedPermissions::PolicyStore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::verifiedpermissions:::policy-store/`", + "markdownDescription": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set to `NotEquals` `kms.amazonaws.com` or `NotEquals` `rdsdata.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For CloudTrail Insights event records, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::ServiceDiscovery::Namespace`\n- `AWS::ServiceDiscovery::Service`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::SQS::Queue`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Customization` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::customization/`\n\nWhen resources.type equals `AWS::CodeWhisperer::Profile` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::codewhisperer:::profile/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::KinesisVideo::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kinesisvideo:::stream/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Network` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::networks/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::MedicalImaging::Datastore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::medical-imaging:::datastore/`\n\nWhen `resources.type` equals `AWS::PCAConnectorAD::Connector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::pca-connector-ad:::connector/`\n\nWhen `resources.type` equals `AWS::SageMaker::Endpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::endpoint/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::ServiceDiscovery::Namespace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::servicediscovery:::namespace/`\n\nWhen `resources.type` equals `AWS::ServiceDiscovery::Service` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::servicediscovery:::service/`\n\nWhen `resources.type` equals `AWS::SNS::PlatformEndpoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::endpoint///`\n\nWhen `resources.type` equals `AWS::SNS::Topic` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sns:::`\n\nWhen `resources.type` equals `AWS::SQS::Queue` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sqs:::`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`\n\nWhen `resources.type` equals `AWS::SSMMessages::ControlChannel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ssmmessages:::control-channel/`\n\nWhen `resources.type` equals `AWS::Timestream::Database` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database/`\n\nWhen `resources.type` equals `AWS::Timestream::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::timestream:::database//table/`\n\nWhen resources.type equals `AWS::VerifiedPermissions::PolicyStore` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::verifiedpermissions:::policy-store/`", "title": "Field", "type": "string" }, @@ -35259,7 +35259,7 @@ "additionalProperties": false, "properties": { "Type": { - "markdownDescription": "The resource type in which you want to log data events. You can specify the following *basic* event selector resource types:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n\nThe following resource types are also available through *advanced* event selectors. Basic event selector resource types are valid in advanced event selectors, but advanced event selector resource types are not valid in basic event selectors. For more information, see [AdvancedFieldSelector](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html) .\n\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`", + "markdownDescription": "The resource type in which you want to log data events. You can specify the following *basic* event selector resource types:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n\nThe following resource types are also available through *advanced* event selectors. Basic event selector resource types are valid in advanced event selectors, but advanced event selector resource types are not valid in basic event selectors. For more information, see [AdvancedFieldSelector](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html) .\n\n- `AWS::CloudTrail::Channel`\n- `AWS::CodeWhisperer::Customization`\n- `AWS::CodeWhisperer::Profile`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::KinesisVideo::Stream`\n- `AWS::ManagedBlockchain::Network`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::MedicalImaging::Datastore`\n- `AWS::PCAConnectorAD::Connector`\n- `AWS::SageMaker::Endpoint`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::ServiceDiscovery::Namespace`\n- `AWS::ServiceDiscovery::Service`\n- `AWS::SNS::PlatformEndpoint`\n- `AWS::SNS::Topic`\n- `AWS::SQS::Queue`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n- `AWS::SSMMessages::ControlChannel`\n- `AWS::Timestream::Database`\n- `AWS::Timestream::Table`\n- `AWS::VerifiedPermissions::PolicyStore`", "title": "Type", "type": "string" }, @@ -49601,7 +49601,7 @@ }, "PolicyDetails": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.PolicyDetails", - "markdownDescription": "The configuration details of the lifecycle policy.", + "markdownDescription": "The configuration details of the lifecycle policy.\n\n> If you create a default policy, you can specify the request parameters either in the request body, or in the PolicyDetails request structure, but not both.", "title": "PolicyDetails" }, "State": { @@ -49710,7 +49710,7 @@ "type": "string" }, "Location": { - "markdownDescription": "*[Snapshot policies only]* Specifies the destination for snapshots created by the policy. To create snapshots in the same Region as the source resource, specify `CLOUD` . To create snapshots on the same Outpost as the source resource, specify `OUTPOST_LOCAL` . If you omit this parameter, `CLOUD` is used by default.\n\nIf the policy targets resources in an AWS Region , then you must create snapshots in the same Region as the source resource. If the policy targets resources on an Outpost, then you can create snapshots on the same Outpost as the source resource, or in the Region of that Outpost.", + "markdownDescription": "*[Custom snapshot policies only]* Specifies the destination for snapshots created by the policy. To create snapshots in the same Region as the source resource, specify `CLOUD` . To create snapshots on the same Outpost as the source resource, specify `OUTPOST_LOCAL` . If you omit this parameter, `CLOUD` is used by default.\n\nIf the policy targets resources in an AWS Region , then you must create snapshots in the same Region as the source resource. If the policy targets resources on an Outpost, then you can create snapshots on the same Outpost as the source resource, or in the Region of that Outpost.", "title": "Location", "type": "string" }, @@ -49718,7 +49718,7 @@ "items": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.Script" }, - "markdownDescription": "*[Snapshot policies that target instances only]* Specifies pre and/or post scripts for a snapshot lifecycle policy that targets instances. This is useful for creating application-consistent snapshots, or for performing specific administrative tasks before or after Amazon Data Lifecycle Manager initiates snapshot creation.\n\nFor more information, see [Automating application-consistent snapshots with pre and post scripts](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/automate-app-consistent-backups.html) .", + "markdownDescription": "*[Custom snapshot policies that target instances only]* Specifies pre and/or post scripts for a snapshot lifecycle policy that targets instances. This is useful for creating application-consistent snapshots, or for performing specific administrative tasks before or after Amazon Data Lifecycle Manager initiates snapshot creation.\n\nFor more information, see [Automating application-consistent snapshots with pre and post scripts](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/automate-app-consistent-backups.html) .", "title": "Scripts", "type": "array" }, @@ -49813,7 +49813,7 @@ }, "DeprecateRule": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.CrossRegionCopyDeprecateRule", - "markdownDescription": "*[AMI policies only]* The AMI deprecation rule for cross-Region AMI copies created by the rule.", + "markdownDescription": "*[Custom AMI policies only]* The AMI deprecation rule for cross-Region AMI copies created by the rule.", "title": "DeprecateRule" }, "Encrypted": { @@ -49827,12 +49827,12 @@ "title": "RetainRule" }, "Target": { - "markdownDescription": "> Use this parameter for snapshot policies only. For AMI policies, use *TargetRegion* instead. \n\n*[Snapshot policies only]* The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.", + "markdownDescription": "> Use this parameter for snapshot policies only. For AMI policies, use *TargetRegion* instead. \n\n*[Custom snapshot policies only]* The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.", "title": "Target", "type": "string" }, "TargetRegion": { - "markdownDescription": "> Use this parameter for AMI policies only. For snapshot policies, use *Target* instead. For snapshot policies created before the *Target* parameter was introduced, this parameter indicates the target Region for snapshot copies. \n\n*[AMI policies only]* The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.", + "markdownDescription": "> Use this parameter for AMI policies only. For snapshot policies, use *Target* instead. For snapshot policies created before the *Target* parameter was introduced, this parameter indicates the target Region for snapshot copies. \n\n*[Custom AMI policies only]* The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.", "title": "TargetRegion", "type": "string" } @@ -49962,7 +49962,7 @@ "additionalProperties": false, "properties": { "ExcludeBootVolume": { - "markdownDescription": "*[Snapshot policies that target instances only]* Indicates whether to exclude the root volume from multi-volume snapshot sets. The default is `false` . If you specify `true` , then the root volumes attached to targeted instances will be excluded from the multi-volume snapshot sets created by the policy.", + "markdownDescription": "*[Custom snapshot policies that target instances only]* Indicates whether to exclude the root volume from multi-volume snapshot sets. The default is `false` . If you specify `true` , then the root volumes attached to targeted instances will be excluded from the multi-volume snapshot sets created by the policy.", "title": "ExcludeBootVolume", "type": "boolean" }, @@ -49970,12 +49970,12 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "*[Snapshot policies that target instances only]* The tags used to identify data (non-root) volumes to exclude from multi-volume snapshot sets.\n\nIf you create a snapshot lifecycle policy that targets instances and you specify tags for this parameter, then data volumes with the specified tags that are attached to targeted instances will be excluded from the multi-volume snapshot sets created by the policy.", + "markdownDescription": "*[Custom snapshot policies that target instances only]* The tags used to identify data (non-root) volumes to exclude from multi-volume snapshot sets.\n\nIf you create a snapshot lifecycle policy that targets instances and you specify tags for this parameter, then data volumes with the specified tags that are attached to targeted instances will be excluded from the multi-volume snapshot sets created by the policy.", "title": "ExcludeDataVolumeTags", "type": "array" }, "NoReboot": { - "markdownDescription": "*[AMI policies only]* Indicates whether targeted instances are rebooted when the lifecycle policy runs. `true` indicates that targeted instances are not rebooted when the policy runs. `false` indicates that target instances are rebooted when the policy runs. The default is `true` (instances are not rebooted).", + "markdownDescription": "*[Custom AMI policies only]* Indicates whether targeted instances are rebooted when the lifecycle policy runs. `true` indicates that targeted instances are not rebooted when the policy runs. `false` indicates that target instances are rebooted when the policy runs. The default is `true` (instances are not rebooted).", "title": "NoReboot", "type": "boolean" } @@ -50000,11 +50000,11 @@ }, "Parameters": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.Parameters", - "markdownDescription": "*[Snapshot and AMI policies only]* A set of optional parameters for snapshot and AMI lifecycle policies.\n\n> If you are modifying a policy that was created or previously modified using the Amazon Data Lifecycle Manager console, then you must include this parameter and specify either the default values or the new values that you require. You can't omit this parameter or set its values to null.", + "markdownDescription": "*[Custom snapshot and AMI policies only]* A set of optional parameters for snapshot and AMI lifecycle policies.\n\n> If you are modifying a policy that was created or previously modified using the Amazon Data Lifecycle Manager console, then you must include this parameter and specify either the default values or the new values that you require. You can't omit this parameter or set its values to null.", "title": "Parameters" }, "PolicyType": { - "markdownDescription": "*[All policy types]* The valid target resource types and actions a policy can manage. Specify `EBS_SNAPSHOT_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of Amazon EBS snapshots. Specify `IMAGE_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of EBS-backed AMIs. Specify `EVENT_BASED_POLICY` to create an event-based policy that performs specific actions when a defined event occurs in your AWS account .\n\nThe default is `EBS_SNAPSHOT_MANAGEMENT` .", + "markdownDescription": "*[Custom policies only]* The valid target resource types and actions a policy can manage. Specify `EBS_SNAPSHOT_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of Amazon EBS snapshots. Specify `IMAGE_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of EBS-backed AMIs. Specify `EVENT_BASED_POLICY` to create an event-based policy that performs specific actions when a defined event occurs in your AWS account .\n\nThe default is `EBS_SNAPSHOT_MANAGEMENT` .", "title": "PolicyType", "type": "string" }, @@ -50012,7 +50012,7 @@ "items": { "type": "string" }, - "markdownDescription": "*[Snapshot and AMI policies only]* The location of the resources to backup. If the source resources are located in an AWS Region , specify `CLOUD` . If the source resources are located on an Outpost in your account, specify `OUTPOST` .\n\nIf you specify `OUTPOST` , Amazon Data Lifecycle Manager backs up all resources of the specified type with matching target tags across all of the Outposts in your account.", + "markdownDescription": "*[Custom snapshot and AMI policies only]* The location of the resources to backup. If the source resources are located in an AWS Region , specify `CLOUD` . If the source resources are located on an Outpost in your account, specify `OUTPOST` .\n\nIf you specify `OUTPOST` , Amazon Data Lifecycle Manager backs up all resources of the specified type with matching target tags across all of the Outposts in your account.", "title": "ResourceLocations", "type": "array" }, @@ -50020,7 +50020,7 @@ "items": { "type": "string" }, - "markdownDescription": "*[Snapshot policies only]* The target resource type for snapshot and AMI lifecycle policies. Use `VOLUME` to create snapshots of individual volumes or use `INSTANCE` to create multi-volume snapshots from the volumes for an instance.", + "markdownDescription": "*[Custom snapshot policies only]* The target resource type for snapshot and AMI lifecycle policies. Use `VOLUME` to create snapshots of individual volumes or use `INSTANCE` to create multi-volume snapshots from the volumes for an instance.", "title": "ResourceTypes", "type": "array" }, @@ -50028,7 +50028,7 @@ "items": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.Schedule" }, - "markdownDescription": "*[Snapshot and AMI policies only]* The schedules of policy-defined actions for snapshot and AMI lifecycle policies. A policy can have up to four schedules\u2014one mandatory schedule and up to three optional schedules.", + "markdownDescription": "*[Custom snapshot and AMI policies only]* The schedules of policy-defined actions for snapshot and AMI lifecycle policies. A policy can have up to four schedules\u2014one mandatory schedule and up to three optional schedules.", "title": "Schedules", "type": "array" }, @@ -50036,7 +50036,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "*[Snapshot and AMI policies only]* The single tag that identifies targeted resources for this policy.", + "markdownDescription": "*[Custom snapshot and AMI policies only]* The single tag that identifies targeted resources for this policy.", "title": "TargetTags", "type": "array" } @@ -50090,7 +50090,7 @@ "properties": { "ArchiveRule": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.ArchiveRule", - "markdownDescription": "*[Snapshot policies that target volumes only]* The snapshot archiving rule for the schedule. When you specify an archiving rule, snapshots are automatically moved from the standard tier to the archive tier once the schedule's retention threshold is met. Snapshots are then retained in the archive tier for the archive retention period that you specify.\n\nFor more information about using snapshot archiving, see [Considerations for snapshot lifecycle policies](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-ami-policy.html#dlm-archive) .", + "markdownDescription": "*[Custom snapshot policies that target volumes only]* The snapshot archiving rule for the schedule. When you specify an archiving rule, snapshots are automatically moved from the standard tier to the archive tier once the schedule's retention threshold is met. Snapshots are then retained in the archive tier for the archive retention period that you specify.\n\nFor more information about using snapshot archiving, see [Considerations for snapshot lifecycle policies](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-ami-policy.html#dlm-archive) .", "title": "ArchiveRule" }, "CopyTags": { @@ -50113,12 +50113,12 @@ }, "DeprecateRule": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.DeprecateRule", - "markdownDescription": "*[AMI policies only]* The AMI deprecation rule for the schedule.", + "markdownDescription": "*[Custom AMI policies only]* The AMI deprecation rule for the schedule.", "title": "DeprecateRule" }, "FastRestoreRule": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.FastRestoreRule", - "markdownDescription": "*[Snapshot policies only]* The rule for enabling fast snapshot restore.", + "markdownDescription": "*[Custom snapshot policies only]* The rule for enabling fast snapshot restore.", "title": "FastRestoreRule" }, "Name": { @@ -50135,7 +50135,7 @@ "items": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.ShareRule" }, - "markdownDescription": "*[Snapshot policies only]* The rule for sharing snapshots with other AWS accounts .", + "markdownDescription": "*[Custom snapshot policies only]* The rule for sharing snapshots with other AWS accounts .", "title": "ShareRules", "type": "array" }, @@ -68960,7 +68960,7 @@ "additionalProperties": false, "properties": { "Ipv6CidrBlock": { - "markdownDescription": "The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.\n\nThis parameter is required for an IPv6 only subnet.", + "markdownDescription": "The IPv6 network range for the subnet, in CIDR notation. This parameter is required for an IPv6 only subnet.", "title": "Ipv6CidrBlock", "type": "string" }, @@ -70899,7 +70899,7 @@ "additionalProperties": false, "properties": { "AmazonProvidedIpv6CidrBlock": { - "markdownDescription": "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses, or the size of the CIDR block.", + "markdownDescription": "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses or the size of the CIDR block.", "title": "AmazonProvidedIpv6CidrBlock", "type": "boolean" }, @@ -106915,7 +106915,7 @@ "properties": { "S3Config": { "$ref": "#/definitions/AWS::InternetMonitor::Monitor.S3Config", - "markdownDescription": "The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3.", + "markdownDescription": "The configuration information for publishing Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs.", "title": "S3Config" } }, @@ -106946,17 +106946,17 @@ "additionalProperties": false, "properties": { "BucketName": { - "markdownDescription": "The Amazon S3 bucket name for internet measurements publishing.", + "markdownDescription": "The Amazon S3 bucket name.", "title": "BucketName", "type": "string" }, "BucketPrefix": { - "markdownDescription": "An optional Amazon S3 bucket prefix for internet measurements publishing.", + "markdownDescription": "The Amazon S3 bucket prefix.", "title": "BucketPrefix", "type": "string" }, "LogDeliveryStatus": { - "markdownDescription": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket. The delivery status is `ENABLED` if you choose to deliver internet measurements to an S3 bucket, and `DISABLED` otherwise.", + "markdownDescription": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket.", "title": "LogDeliveryStatus", "type": "string" } @@ -128592,7 +128592,7 @@ "additionalProperties": false, "properties": { "Destination": { - "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.", + "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination.\n\nTo retain records of failed invocations from [Kinesis and DynamoDB event sources](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#event-source-mapping-destinations) , you can configure an Amazon SNS topic or Amazon SQS queue as the destination.\n\nTo retain records of failed invocations from [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic or Amazon SQS queue as the destination.", "title": "Destination", "type": "string" } @@ -128682,7 +128682,7 @@ "type": "boolean" }, "EventSourceArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the event source.\n\n- *Amazon Kinesis* \u2013 The ARN of the data stream or a stream consumer.\n- *Amazon DynamoDB Streams* \u2013 The ARN of the stream.\n- *Amazon Simple Queue Service* \u2013 The ARN of the queue.\n- *Amazon Managed Streaming for Apache Kafka* \u2013 The ARN of the cluster.\n- *Amazon MQ* \u2013 The ARN of the broker.\n- *Amazon DocumentDB* \u2013 The ARN of the DocumentDB change stream.", + "markdownDescription": "The Amazon Resource Name (ARN) of the event source.\n\n- *Amazon Kinesis* \u2013 The ARN of the data stream or a stream consumer.\n- *Amazon DynamoDB Streams* \u2013 The ARN of the stream.\n- *Amazon Simple Queue Service* \u2013 The ARN of the queue.\n- *Amazon Managed Streaming for Apache Kafka* \u2013 The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc) ).\n- *Amazon MQ* \u2013 The ARN of the broker.\n- *Amazon DocumentDB* \u2013 The ARN of the DocumentDB change stream.", "title": "EventSourceArn", "type": "string" }, @@ -128891,7 +128891,7 @@ "additionalProperties": false, "properties": { "Destination": { - "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.", + "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination.\n\nTo retain records of failed invocations from [Kinesis and DynamoDB event sources](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#event-source-mapping-destinations) , you can configure an Amazon SNS topic or Amazon SQS queue as the destination.\n\nTo retain records of failed invocations from [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic or Amazon SQS queue as the destination.", "title": "Destination", "type": "string" } @@ -167716,7 +167716,7 @@ }, "Options": { "$ref": "#/definitions/AWS::QuickSight::Analysis.AssetOptions", - "markdownDescription": "", + "markdownDescription": "An array of option definitions for an analysis.", "title": "Options" }, "ParameterDeclarations": { @@ -167878,12 +167878,12 @@ "additionalProperties": false, "properties": { "Timezone": { - "markdownDescription": "", + "markdownDescription": "Determines the timezone for the analysis.", "title": "Timezone", "type": "string" }, "WeekStart": { - "markdownDescription": "", + "markdownDescription": "Determines the week start day for an analysis.", "title": "WeekStart", "type": "string" } @@ -178882,7 +178882,7 @@ "additionalProperties": false, "properties": { "Mode": { - "markdownDescription": "The mode of validation for the asset to be creaed or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors.", + "markdownDescription": "The mode of validation for the asset to be created or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors.", "title": "Mode", "type": "string" } @@ -179575,7 +179575,7 @@ }, "LinkSharingConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.LinkSharingConfiguration", - "markdownDescription": "A structure that contains the configuration of a shareable link to the dashboard.", + "markdownDescription": "A structure that contains the link sharing configurations that you want to apply overrides to.", "title": "LinkSharingConfiguration" }, "Name": { @@ -179808,12 +179808,12 @@ "additionalProperties": false, "properties": { "Timezone": { - "markdownDescription": "", + "markdownDescription": "Determines the timezone for the analysis.", "title": "Timezone", "type": "string" }, "WeekStart": { - "markdownDescription": "", + "markdownDescription": "Determines the week start day for an analysis.", "title": "WeekStart", "type": "string" } @@ -181973,7 +181973,7 @@ }, "Options": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.AssetOptions", - "markdownDescription": "", + "markdownDescription": "An array of option definitions for a dashboard.", "title": "Options" }, "ParameterDeclarations": { @@ -191179,7 +191179,7 @@ "additionalProperties": false, "properties": { "Mode": { - "markdownDescription": "The mode of validation for the asset to be creaed or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors.", + "markdownDescription": "The mode of validation for the asset to be created or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors.", "title": "Mode", "type": "string" } @@ -192647,12 +192647,12 @@ "type": "string" }, "Name": { - "markdownDescription": "A display name for the dataset.", + "markdownDescription": "The display name of the column..", "title": "Name", "type": "string" }, "Type": { - "markdownDescription": "The type.", + "markdownDescription": "The data type of the column.", "title": "Type", "type": "string" } @@ -194314,12 +194314,12 @@ "additionalProperties": false, "properties": { "Timezone": { - "markdownDescription": "", + "markdownDescription": "Determines the timezone for the analysis.", "title": "Timezone", "type": "string" }, "WeekStart": { - "markdownDescription": "", + "markdownDescription": "Determines the week start day for an analysis.", "title": "WeekStart", "type": "string" } @@ -204679,7 +204679,7 @@ }, "Options": { "$ref": "#/definitions/AWS::QuickSight::Template.AssetOptions", - "markdownDescription": "", + "markdownDescription": "An array of option definitions for a template.", "title": "Options" }, "ParameterDeclarations": { @@ -205464,7 +205464,7 @@ "additionalProperties": false, "properties": { "Mode": { - "markdownDescription": "The mode of validation for the asset to be creaed or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors.", + "markdownDescription": "The mode of validation for the asset to be created or updated. When you set this value to `STRICT` , strict validation for every error is enforced. When you set this value to `LENIENT` , validation is skipped for specific UI errors.", "title": "Mode", "type": "string" } @@ -213138,7 +213138,7 @@ "additionalProperties": false, "properties": { "AppAssessmentSchedule": { - "markdownDescription": "", + "markdownDescription": "Assessment execution schedule with 'Daily' or 'Disabled' values.", "title": "AppAssessmentSchedule", "type": "string" }, @@ -213148,7 +213148,7 @@ "type": "string" }, "Description": { - "markdownDescription": "", + "markdownDescription": "Optional description for an application.", "title": "Description", "type": "string" }, @@ -213156,18 +213156,18 @@ "items": { "$ref": "#/definitions/AWS::ResilienceHub::App.EventSubscription" }, - "markdownDescription": "", + "markdownDescription": "The list of events you would like to subscribe and get notification for. Currently, AWS Resilience Hub supports notifications only for *Drift detected* and *Scheduled assessment failure* events.", "title": "EventSubscriptions", "type": "array" }, "Name": { - "markdownDescription": "", + "markdownDescription": "Name for the application.", "title": "Name", "type": "string" }, "PermissionModel": { "$ref": "#/definitions/AWS::ResilienceHub::App.PermissionModel", - "markdownDescription": "", + "markdownDescription": "Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment.", "title": "PermissionModel" }, "ResiliencyPolicyArn": { @@ -213185,7 +213185,7 @@ }, "Tags": { "additionalProperties": true, - "markdownDescription": "", + "markdownDescription": "Tags assigned to the resource. A tag is a label that you assign to an AWS resource. Each tag consists of a key/value pair.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -213227,17 +213227,17 @@ "additionalProperties": false, "properties": { "EventType": { - "markdownDescription": "", + "markdownDescription": "The type of event you would like to subscribe and get notification for. Currently, AWS Resilience Hub supports notifications only for *Drift detected* ( `DriftDetected` ) and *Scheduled assessment failure* ( `ScheduledAssessmentFailure` ) events.", "title": "EventType", "type": "string" }, "Name": { - "markdownDescription": "", + "markdownDescription": "Unique name to identify an event subscription.", "title": "Name", "type": "string" }, "SnsTopicArn": { - "markdownDescription": "", + "markdownDescription": "Amazon Resource Name (ARN) of the Amazon Simple Notification Service topic. The format for this ARN is: `arn:partition:sns:region:account:topic-name` . For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* guide.", "title": "SnsTopicArn", "type": "string" } @@ -213255,17 +213255,17 @@ "items": { "type": "string" }, - "markdownDescription": "", + "markdownDescription": "Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts. These ARNs are used for querying purposes while importing resources and assessing your application.\n\n> - These ARNs are required only when your resources are in other accounts and you have different role name in these accounts. Else, the invoker role name will be used in the other accounts.\n> - These roles must have a trust policy with `iam:AssumeRole` permission to the invoker role in the primary account.", "title": "CrossAccountRoleArns", "type": "array" }, "InvokerRoleName": { - "markdownDescription": "", + "markdownDescription": "Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment.\n\n> - You must have `iam:passRole` permission for this role while creating or updating the application.\n> - Currently, `invokerRoleName` accepts only `[A-Za-z0-9_+=,.@-]` characters.", "title": "InvokerRoleName", "type": "string" }, "Type": { - "markdownDescription": "", + "markdownDescription": "Defines how AWS Resilience Hub scans your resources. It can scan for the resources by using a pre-existing role in your AWS account, or by using the credentials of the current IAM user.", "title": "Type", "type": "string" } @@ -213279,22 +213279,22 @@ "additionalProperties": false, "properties": { "AwsAccountId": { - "markdownDescription": "", + "markdownDescription": "The AWS account that owns the physical resource.", "title": "AwsAccountId", "type": "string" }, "AwsRegion": { - "markdownDescription": "", + "markdownDescription": "The AWS Region that the physical resource is located in.", "title": "AwsRegion", "type": "string" }, "Identifier": { - "markdownDescription": "", + "markdownDescription": "Identifier of the physical resource.", "title": "Identifier", "type": "string" }, "Type": { - "markdownDescription": "", + "markdownDescription": "Specifies the type of physical resource identifier.\n\n- **Arn** - The resource identifier is an Amazon Resource Name (ARN) and it can identify the following list of resources:\n\n- `AWS::ECS::Service`\n- `AWS::EFS::FileSystem`\n- `AWS::ElasticLoadBalancingV2::LoadBalancer`\n- `AWS::Lambda::Function`\n- `AWS::SNS::Topic`\n- **Native** - The resource identifier is an AWS Resilience Hub -native identifier and it can identify the following list of resources:\n\n- `AWS::ApiGateway::RestApi`\n- `AWS::ApiGatewayV2::Api`\n- `AWS::AutoScaling::AutoScalingGroup`\n- `AWS::DocDB::DBCluster`\n- `AWS::DocDB::DBGlobalCluster`\n- `AWS::DocDB::DBInstance`\n- `AWS::DynamoDB::GlobalTable`\n- `AWS::DynamoDB::Table`\n- `AWS::EC2::EC2Fleet`\n- `AWS::EC2::Instance`\n- `AWS::EC2::NatGateway`\n- `AWS::EC2::Volume`\n- `AWS::ElasticLoadBalancing::LoadBalancer`\n- `AWS::RDS::DBCluster`\n- `AWS::RDS::DBInstance`\n- `AWS::RDS::GlobalCluster`\n- `AWS::Route53::RecordSet`\n- `AWS::S3::Bucket`\n- `AWS::SQS::Queue`", "title": "Type", "type": "string" } @@ -213309,32 +213309,32 @@ "additionalProperties": false, "properties": { "EksSourceName": { - "markdownDescription": "", + "markdownDescription": "Name of the Amazon Elastic Kubernetes Service cluster and namespace this resource belongs to.\n\n> This parameter accepts values in \"eks-cluster/namespace\" format.", "title": "EksSourceName", "type": "string" }, "LogicalStackName": { - "markdownDescription": "", + "markdownDescription": "The name of the AWS CloudFormation stack this resource is mapped to.", "title": "LogicalStackName", "type": "string" }, "MappingType": { - "markdownDescription": "", + "markdownDescription": "Specifies the type of resource mapping.\n\n- **AppRegistryApp** - The resource is mapped to another application. The name of the application is contained in the `appRegistryAppName` property.\n- **CfnStack** - The resource is mapped to a AWS CloudFormation stack. The name of the AWS CloudFormation stack is contained in the `logicalStackName` property.\n- **Resource** - The resource is mapped to another resource. The name of the resource is contained in the `resourceName` property.\n- **ResourceGroup** - The resource is mapped to AWS Resource Groups . The name of the resource group is contained in the `resourceGroupName` property.", "title": "MappingType", "type": "string" }, "PhysicalResourceId": { "$ref": "#/definitions/AWS::ResilienceHub::App.PhysicalResourceId", - "markdownDescription": "", + "markdownDescription": "Identifier of the physical resource.", "title": "PhysicalResourceId" }, "ResourceName": { - "markdownDescription": "", + "markdownDescription": "Name of the resource that the resource is mapped to.", "title": "ResourceName", "type": "string" }, "TerraformSourceName": { - "markdownDescription": "", + "markdownDescription": "The short name of the Terraform source.", "title": "TerraformSourceName", "type": "string" } @@ -213381,13 +213381,13 @@ "additionalProperties": false, "properties": { "DataLocationConstraint": { - "markdownDescription": "", + "markdownDescription": "Specifies a high-level geographical location constraint for where your resilience policy data can be stored.", "title": "DataLocationConstraint", "type": "string" }, "Policy": { "additionalProperties": false, - "markdownDescription": "", + "markdownDescription": "The resiliency policy.", "patternProperties": { "^[a-zA-Z0-9]+$": { "$ref": "#/definitions/AWS::ResilienceHub::ResiliencyPolicy.FailurePolicy" @@ -213397,18 +213397,18 @@ "type": "object" }, "PolicyDescription": { - "markdownDescription": "", + "markdownDescription": "The description for the policy.", "title": "PolicyDescription", "type": "string" }, "PolicyName": { - "markdownDescription": "", + "markdownDescription": "The name of the policy", "title": "PolicyName", "type": "string" }, "Tags": { "additionalProperties": true, - "markdownDescription": "", + "markdownDescription": "Tags assigned to the resource. A tag is a label that you assign to an AWS resource. Each tag consists of a key/value pair.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -213418,7 +213418,7 @@ "type": "object" }, "Tier": { - "markdownDescription": "", + "markdownDescription": "The tier for this resiliency policy, ranging from the highest severity ( `MissionCritical` ) to lowest ( `NonCritical` ).", "title": "Tier", "type": "string" } @@ -213455,12 +213455,12 @@ "additionalProperties": false, "properties": { "RpoInSecs": { - "markdownDescription": "", + "markdownDescription": "Recovery Point Objective (RPO) in seconds.", "title": "RpoInSecs", "type": "number" }, "RtoInSecs": { - "markdownDescription": "", + "markdownDescription": "Recovery Time Objective (RTO) in seconds.", "title": "RtoInSecs", "type": "number" } @@ -214717,12 +214717,12 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "The number of seconds vended session credentials will be valid for", + "markdownDescription": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", "title": "DurationSeconds", "type": "number" }, "Enabled": { - "markdownDescription": "The enabled status of the resource.", + "markdownDescription": "Indicates whether the profile is enabled.", "title": "Enabled", "type": "boolean" }, @@ -214730,17 +214730,17 @@ "items": { "type": "string" }, - "markdownDescription": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", + "markdownDescription": "A list of managed policy ARNs that apply to the vended session credentials.", "title": "ManagedPolicyArns", "type": "array" }, "Name": { - "markdownDescription": "The customer specified name of the resource.", + "markdownDescription": "The name of the profile.", "title": "Name", "type": "string" }, "RequireInstanceProperties": { - "markdownDescription": "Specifies whether instance properties are required in CreateSession requests with this profile.", + "markdownDescription": "Specifies whether instance properties are required in temporary credential requests with this profile.", "title": "RequireInstanceProperties", "type": "boolean" }, @@ -214748,12 +214748,12 @@ "items": { "type": "string" }, - "markdownDescription": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", + "markdownDescription": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", "title": "RoleArns", "type": "array" }, "SessionPolicy": { - "markdownDescription": "A session policy that will applied to the trust boundary of the vended session credentials.", + "markdownDescription": "A session policy that applies to the trust boundary of the vended session credentials.", "title": "SessionPolicy", "type": "string" }, @@ -214761,7 +214761,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "A list of Tags.", + "markdownDescription": "The tags to attach to the profile.", "title": "Tags", "type": "array" } @@ -214922,11 +214922,11 @@ "properties": { "SourceData": { "$ref": "#/definitions/AWS::RolesAnywhere::TrustAnchor.SourceData", - "markdownDescription": "A union object representing the data field of the TrustAnchor depending on its type", + "markdownDescription": "The data field of the trust anchor depending on its type.", "title": "SourceData" }, "SourceType": { - "markdownDescription": "The type of the TrustAnchor.", + "markdownDescription": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region.", "title": "SourceType", "type": "string" } @@ -222693,7 +222693,7 @@ "type": "string" }, "TracingConfig": { - "markdownDescription": "Tracing mode of an Amazon SNS topic. By default `TracingConfig` is set to `PassThrough` , and the topic passes through the tracing header it receives from an Amazon SNS publisher to its subscriptions. If set to `Active` , Amazon SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true. Only supported on standard topics.", + "markdownDescription": "Tracing mode of an Amazon SNS topic. By default `TracingConfig` is set to `PassThrough` , and the topic passes through the tracing header it receives from an Amazon SNS publisher to its subscriptions. If set to `Active` , Amazon SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true.", "title": "TracingConfig", "type": "string" }